feat: 添加密码管理功能,包括 API、数据库支持和前端界面
This commit is contained in:
@@ -0,0 +1,33 @@
|
||||
## Context
|
||||
We need a password manager across extension and web, with admin visibility and per-user isolation. Non-admin users must re-verify their login password to view plaintext.
|
||||
|
||||
## Goals / Non-Goals
|
||||
- Goals:
|
||||
- Save credentials with explicit confirmation.
|
||||
- Autofill selector for saved accounts per site.
|
||||
- Admin can view all users’ credentials.
|
||||
- Non-admin must re-verify password before plaintext reveal.
|
||||
- Encrypt credentials at rest.
|
||||
- Non-Goals:
|
||||
- Browser-level credential integration outside the extension.
|
||||
- Password sharing between users.
|
||||
|
||||
## Decisions
|
||||
- Site key = URL origin (scheme + host + port).
|
||||
- Storage model: one row per (user_id, site_origin, username), allowing multiple accounts per site.
|
||||
- Encrypt password using AES-256-GCM with server-side master key (env), store iv + tag + ciphertext.
|
||||
- Use a session-only toggle to reveal plaintext in the web UI (sessionStorage; reset on browser close).
|
||||
- Extension content script detects login forms; popup asks to save; only on confirm does it call API.
|
||||
|
||||
## Risks / Trade-offs
|
||||
- Storing decryptable passwords increases risk. Mitigation: encryption at rest, strict auth, session-only plaintext reveal, audit logging (future).
|
||||
|
||||
## Migration Plan
|
||||
- Add DB migration for credential tables and indexes.
|
||||
- Add API endpoints and update OpenAPI.
|
||||
- Implement extension flows and web UI.
|
||||
- Add tests for CRUD, reauth, admin access.
|
||||
|
||||
## Open Questions
|
||||
- Confirm site matching scope (origin vs eTLD+1).
|
||||
- Save prompt triggers on form submit (username + password present).
|
||||
Reference in New Issue
Block a user