Comments (7)
And the login tokens must absolutely be linked with the API client that made the authentication!
In fact, you should consider your webui as a client of your API (like I did with Comunic). It makes things much more logical and easier afterwards...
from kfet.
How did I not think of that!
Do I link them by IP, by User-Agent string?
(I already consider my webui as a client, just with cookies as a bonus to store the session somewhere; everything will do REST calls and WebSocket accesses)
from kfet.
Make cookies actually carry tokens, like in #16
Sign tokens with a server secret, and store everything inside them, not a db
from kfet.
Yes, cookies should carry tokens, so you would have to check both API and User tokens before confirming user authentication...
from kfet.
as of 9a07ef5, tokens can be in
- query string: GET url?token=<token>
- header: Token: <token>
- cookies: session=<token>
from kfet.
tokens should be JWTs (#21)
from kfet.
this should have been closed sooner
from kfet.