Login Authentication
Third-party applications can use the login authentication capability provided by the system to achieve seamless integration with the NAS user system. The application backend service can obtain the current logged-in user information from the HTTP request headers forwarded through the system gateway service, enabling authenticated access and user-based data isolation.
Note
To use this capability, the application frontend page open type needs to be set to inner, meaning the application opens as an independent window within the UGOS Pro system desktop.
Integration Guide
To integrate the system login authentication capability, third-party applications need to complete the following configuration:
Application Configuration Support
- Configure the
proxy_pathfield to specify the access path prefix for the backend service. The system gateway service will perform request authentication based on this configuration and set the authenticated user information in the request headers before forwarding to the application backend service. - Configure
open_typeasinnerto specify that the application frontend page opens as an independent window within the UGOS Pro system desktop. In this mode, the frontend page can obtain system login authentication information by integrating the system JSSDK.
Configuration example:
yaml... port: 21010 # Application service port proxy_path: api # Application backend HTTP service proxy path prefix open_type: inner # Application frontend page open type ...For applications using the above example configuration, if the request path initiated by the frontend starts with
/api, it will be processed by the system gateway and forwarded to the application backend service (port 21010). During forwarding, the authentication information of the current logged-in user will be included in the HTTP request headers.The processing flow is as follows:
- Configure the
Frontend Integration with System JSSDK
The frontend page needs to import the system JSSDK to obtain the authentication token through the interface provided by JSSDK and include the token in backend API requests.
jsimport { ugSdk } from './index.js?v=1'; let ugToken = null; async function fetchAPI() { try { const headers = {}; if (ugToken) { // Set auth token in request header, field name is fixed as Ugreen-Ttk headers['Ugreen-Ttk'] = ugToken; } // Request application backend service, path prefix needs to match the value set in proxy_path field const response = await fetch('/api/v1/info', { headers: headers }); if (!response.ok) { throw new Error('Network error'); } const data = await response.json(); console.log(data); } catch (error) { console.log(error); } } // Implement callback function for getUgInfo interface const callback = (error, _info) => { if (!error) { console.log(_info); // Parse the passed _info object, third_token field value is the auth token if (_info && _info.third_token) { ugToken = _info.third_token; } fetchAPI(); } }; // Call SDK interface and pass callback function ugSdk.getUgInfo(callback);Note
The above code is just an example. The callback and fetchAPI need to be implemented according to actual business logic.
Backend Parsing of User Information
The application backend needs to parse the user information injected by the system gateway from HTTP request headers for permission verification and user identification.
Injected request header fields include:
- Ugreen-User-ID: User ID
- Ugreen-User-Name: Username
- Ugreen-User-Type: User role (admin: Administrator, users: Regular user)
Overall Flow
The overall interaction flow after the application frontend and backend integrate the user authentication functionality is as follows: