angel-dart-archive / auth
moved to angel-dart/angel/packages/auth
Home Page: https://github.com/angel-dart/angel/tree/master/packages/auth
License: MIT License
Travis is really screwing me over right now
Hi all, can you please explain to me what is the best way to handle user auth and manage their scope authorizations?
For example, now I have this situation:
I create a plugin like this to handle login
Future<void> configureServer(Angel app) async {
  // Initialize the authenticator
  var auth = AngelAuth<User>(
      jwtKey: app.configuration["jwt_secret"] as String,
      secureCookies: app.environment.isProduction);
  auth.serializer = (u) => u.id;
  auth.deserializer = (id) => _fetchUserById(id, app);
  await app.configure(auth.configureServer);
  auth.strategies['local'] = LocalAuthStrategy((username, password) async {
    var executor = app.container.make<QueryExecutor>();
    // Look up the user
    var query = UserQuery();
    query.where..username.equals(username);
    var user = await query.getOne(executor);
    if (user != null) {
      if (Password.verify(password, user.hashedPassword)) {
        return user;
      }
    }
    throw AngelHttpException.notAuthenticated();
  });
  // ROUTER - Login
  app.post('/auth/login', auth.authenticate('local'));
}

Future<User> _fetchUserById(id, Angel app) async {
  if (id is String) {
    var executor = app.container.make<QueryExecutor>();
    // Look up the user
    var query = UserQuery();
    query.where..id.equals(int.tryParse(id));
    var user = await query.getOne(executor);
    if (user != null) {
      return user;
    }
  }
  throw AngelHttpException.notAuthenticated();
}
Now what is the best way to manage the user authorization?
MUST be compatible with angel-dart-archive/client#25.
This issue was automatically moved to: angel-dart/angel#180.
// Old
auth.authenticate('basic,facebook');
// Better
auth.authenticate(['basic', 'facebook']);
This issue was automatically moved to: angel-dart/angel#179.
const RequireAuthorizationMiddleware forceAuth = const RequireAuthorizationMiddleware();

RequestMiddleware forceAuthBasic({String realm}) {
  return (req, res) async {...};
}
Would make Websocket auth easier
Only need local auth at this point
This issue was automatically moved to: angel-dart/angel#181.
Probably add a simple boolean flag to constructor, cookie
https://storify.com/jcuid/thomas-h-ptacek-don-t-use-json-web-tokens
Most of these can be averted, though. auth doesn't actually implement the JWT spec.
So it can fit inside the route group...
Users will only have to call configureServer, instead of also mounting decodeJwt.
// In configureServer, where `_decodeJwt` returns `Future<User>`.
app.container.registerLazySingleton<Future<User>>((container) async {
  var req = container.make<RequestContext>();
  var res = container.make<ResponseContext>();
  return await _decodeJwt(req, res);
});
// Asynchronously parse the JWT, if it exists.
var user = await req.container.makeAsync<User>();
Instead, manually add the middleware. This will play nicely with https://github.com/angel-dart/oauth2
Well, I mean...
In auth_google, you never get to process past the authenticate middleware, it's frustrating
This would be run instead of redirects if present
new AngelAuthOptions(callback: (req, res, token) async {
  return token.toJson();
})
This would be nice for things like auth_google, and wouldn't force you into using cookies
Allow other algos, but be wary:
https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/
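The caution above about accepting other algorithms, as an added example that is not part of the original issue or the project's own code: a verifier that pins the accepted algorithm on the server side instead of trusting the token's own alg header. It assumes package:crypto as a dependency; allowedAlgs, sign and verify are hypothetical names, and the key and claims are constructed sample values.

```dart
import 'dart:convert';
import 'package:crypto/crypto.dart'; // assumed dependency

// Hypothetical allow-list: the only algorithm this verifier accepts.
const allowedAlgs = {'HS256'};

List<int> _b64(String s) => base64Url.decode(base64Url.normalize(s));
String _enc(List<int> b) => base64Url.encode(b).replaceAll('=', '');
List<int> _mac(String input, List<int> key) =>
    Hmac(sha256, key).convert(utf8.encode(input)).bytes;

// Constant-time comparison, so timing does not reveal how many bytes matched.
bool _equal(List<int> a, List<int> b) {
  if (a.length != b.length) return false;
  var diff = 0;
  for (var i = 0; i < a.length; i++) {
    diff |= a[i] ^ b[i];
  }
  return diff == 0;
}

// Builds an HMAC-SHA256 token for the demo, whatever the header claims.
String sign(Map<String, dynamic> header, Map<String, dynamic> claims, List<int> key) {
  final input = '${_enc(utf8.encode(jsonEncode(header)))}.'
      '${_enc(utf8.encode(jsonEncode(claims)))}';
  return '$input.${_enc(_mac(input, key))}';
}

// Returns the claims; throws on a malformed token, an algorithm outside
// allowedAlgs, or a signature mismatch.
Map<String, dynamic> verify(String token, List<int> key) {
  final parts = token.split('.');
  if (parts.length != 3) throw FormatException('expected 3 segments');
  final header = jsonDecode(utf8.decode(_b64(parts[0]))) as Map<String, dynamic>;
  // The header is attacker-controlled input: check it against the allow-list
  // before any key or MAC is chosen.
  if (!allowedAlgs.contains(header['alg'])) {
    throw StateError('algorithm not allowed: ${header['alg']}');
  }
  final expected = _mac('${parts[0]}.${parts[1]}', key);
  if (!_equal(expected, _b64(parts[2]))) throw StateError('bad signature');
  return jsonDecode(utf8.decode(_b64(parts[1]))) as Map<String, dynamic>;
}

void main() {
  final key = utf8.encode('constructed-demo-secret'); // constructed sample key
  print(verify(sign({'alg': 'HS256', 'typ': 'JWT'}, {'sub': '42'}, key), key));
  // A header naming any other algorithm is refused, valid MAC or not.
  final other = sign({'alg': 'none', 'typ': 'JWT'}, {'sub': '42'}, key);
  try { verify(other, key); } on StateError catch (e) { print(e.message); }
}
```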
Currently there are like 5 or 6 spots with duplicate code, fix this...
It'll make #24 easier to solve as well.
After authenticated how can I get the authentication's information in any routes?
Like,
app.post('/login',auth.authenticate('local'));
app.get('/user', (req, res){...});
how can I get authentication's information out of req?
According to the example, I don't quite get the concept of ioc function and it doesn't seem to work in action anyway.