內容簡介
Auto Login for Sakura Rental Server 允許管理員發佈一次性、限時的自動登入 URL,使用 HMAC 簽名以確保安全性,適用於臨時訪問或系統整合。
【主要功能】
• 安全的自動登入,使用一次性令牌
• 令牌經 HMAC 簽名,使用後立即失效
• 令牌發佈與使用歷史記錄(每位用戶最多 100 筆)
• 記錄發佈者的 IP 地址與用戶名稱
• 限制速率:每個 IP 每秒 1 次請求
• 提供 WP-CLI 命令生成令牌及檢查歷史
外掛標籤
開發者團隊
② 後台搜尋「Auto Login for Sakura Rental Server」→ 直接安裝(推薦)
原文外掛簡介
Auto Login for Sakura Rental Server allows administrators to issue one-time, time-limited auto-login URLs using HMAC signatures.
This is useful for secure temporary access or system integration.
Features:
– Secure auto-login with one-time tokens
– Tokens are HMAC-signed and invalidated after use
– Token issuance and usage history (up to 100 entries per user)
– Records IP address and username of the issuer
– Rate limiting: 1 request per second per IP
– WP-CLI commands for token generation and history inspection
Example use cases:
– Temporarily granting admin access
– Safe automatic login from external systems
– Keeping an audit log of who issued a token and from where
Usage
Generate a token via CLI
wp auto-login-for-sakura-rental-server generate
Example:
Default expiration time: 300 seconds
--expires and --username are optional
Check issue history
Token history is stored in the user meta key sakura_auto_login_history.
You can check it via WP-CLI:
wp user meta get sakura_auto_login_history
Auto-login URL format
https://example.com/?rs_auto_login_token=<64-character HMAC token>
Visiting the URL will log in as the corresponding user and redirect to the admin dashboard.
Security Notes
Tokens are invalidated immediately after use (one-time only)
Issue and usage history includes IP address, issuer username, and timestamps
Stored using update_option() for caching compatibility
HTTPS is strongly recommended
