angel-dart-archive / auth Goto Github PK
View Code? Open in Web Editor NEWmoved to angel-dart/angel/packages/auth
Home Page: https://github.com/angel-dart/angel/tree/master/packages/auth
License: MIT License
auth's People
Contributors
Stargazers
Watchers
auth's Issues
Warn users if serializer or deserializer is not set!!!
Method for authtoken from jwt
Fix broken test
Travis is really screwing me over right now
Should have hmac getter
Add freedom over JWT payload :)
Best scope handler
Hi all, please can you explain me what is the best way to handle user auth and manage her scope authorizations?
For example now I've this situation:
I create a plugin like this to handle login
Future<void> configureServer(Angel app) async {
// Inizializzazione Authenticator
var auth = AngelAuth<User>(jwtKey: app.configuration["jwt_secret"] as String, secureCookies: app.environment.isProduction);
auth.serializer = (u) => u.id;
auth.deserializer = (id) => _fetchUserById(id, app);
await app.configure(auth.configureServer);
auth.strategies['local'] = LocalAuthStrategy((username, password) async {
var executor = app.container.make<QueryExecutor>();
// Cerco l'Utente
var query = UserQuery();
query.where..username.equals(username);
var user = await query.getOne(executor);
if (user != null) {
if (Password.verify(password, user.hashedPassword)) {
return user;
}
}
throw AngelHttpException.notAuthenticated();
});
// ROUTER - Login
app.post('/auth/login', auth.authenticate('local'));
}
Future<User> _fetchUserById(id, Angel app) async {
if (id is String) {
var executor = app.container.make<QueryExecutor>();
// Cerco l'Utente
var query = UserQuery();
query.where..id.equals(int.tryParse(id));
var user = await query.getOne(executor);
if (user != null) {
return user;
}
}
throw AngelHttpException.notAuthenticated();
}
Now what is the best way to manage the user authorization?
Redirects should not throw 401!!!
Remove RequireAuthorizationMiddleware
Make plug-in generic, add on login stream, etc.
Allow token in query
Use Map for auth strategies
`authenticate` should return currently signed in user, if one is present
Export 'auth_token.dart' library
Add client-compatible default JWT callback pages
MUST be compatible with angel-dart-archive/client#25.
Allow a callback that interacts with AuthToken before serialization
Use lazyBody for local auth strategy
Undeprecate decodeJwt
*This issue was automatically moved to: angel-dart/angel#180.
Update docs
Add hooks
Change authenticate comma schematic
// Old
auth.authenticate('basic,facebook');
// Better
auth.authenticate(['basic', 'facebook']);ReviveJwt needs to optionally take POSTed 'token'
tokenCallback can potentially result in token never being applied
*This issue was automatically moved to: angel-dart/angel#179.
logout should send empty cookie
Export middleware as functions
const RequireAuthorizationMiddleware forceAuth = const RequireAuthorizationMiddleware();
RequestMiddleware forceAuthBasic({String realm}) {
return (req, res) async {...};
}Method to manually sign in user with authtoken/jwt string
Would make Websocket auth easier
Move alternate methods to individual repos
Only need local auth at this point
Should re-generate JWT string if tokenCallback is called
Print error when no serializer set instead of throwing
*This issue was automatically moved to: angel-dart/angel#181.
Token cookie should be optional
Probably add a simple boolean flag to constructor, cookie
Patch potential JWT holes
https://storify.com/jcuid/thomas-h-ptacek-don-t-use-json-web-tokens
Most of these can be averted, though. auth doesn't actually implement the JWT spec.
No point overwriting token cookie if it is present
Make userKey configurable
Change default token endpoint to /token, I think
So it can fit inside the route group...
Deprecate auth.decodeJwt in favor of asynchronous dependency injection
Users will only have to call configureServer, instead of also mounting decodeJwt.
// In configureServer, where `_decodeJwt` returns `Future<User>`.
app.container.registerLazySingleton<Future<User>>((container) async {
var req = container.make<RequestContext>();
var res = container.make<ResponseContext>();
return await _decodeJwt(req, res);
});
// Asynchronously parse the JWT, if it exists.
var user = await req.container.makeAsync<User>();Remove call()
Instead, manually add the middleware. This will play nicely with https://github.com/angel-dart/oauth2
authenticate should never end request
Well, I mean...
In auth_google, you never get to process past the authenticate middleware, it's frustrating
Cookie should have expiry
Use `deserializer` to send JSON
confirm auth popup doesn't close window...
Add callback to options
This would be run instead of redirects if present
new AngelAuthOptions(callback: (req, res, token) async {
return token.toJson();
})This would be nice for things like auth_google, and wouldn't force you into using cookies
Follow spec
Allow other algos, but be wary:
https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/
Token should be added as req.properties['token']
Add an `authenticateAndContinue` method to AngelAuth
Use a single method to apply token and user
Currently there are like 5 or 6 spots with duplicate code, fix this...
It'll make #24 easier to solve as well.
Plugin can inject authed user
Revive should return {data, token}
How to acquire authentication's information?
After authenticated how can I get the authentication's information in any routes?
Like,
app.post('/login',auth.authenticate('local'));
app.get('/user', (req, res){...});how can I get authentication's information out of req?
According to the example, I don't quite get the concept of ioc function and it doesn't seem to work in action anyway.
Should *override* issuedAt
Add on login, on token streams
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.