scala-pet-store

Add authentication middleware

Open pauljamescleary opened this issue 7 years ago • 4 comments

Implement authentication middleware for logged in endpoints.

It appears as though TSec is the way to go here...

https://jmcardon.github.io/tsec/docs/http4s/auth-jwt.html

Need a few things here:

  1. Need some kind of login endpoint. That endpoint will take the user and password and generate the token
  2. Need authentication middleware using TSec
  3. Need to update any HttpServices that should be authenticated. Certainly placing orders

pauljamescleary avatar Dec 24 '17 15:12 pauljamescleary

This issue introduces the concept of a User. Authenticated endpoints (which include all endpoints except signup and login) will now need to be Auth'd.

All services will have to take a user. For example, if someone POSTs a new pet, we should associate the user id of the user who created it. Similarly, when someone POSTs a new order, we should save the user id on the order as well.

I am still working through the particulars of TSec, may reach out for some help.

pauljamescleary avatar Jan 01 '18 18:01 pauljamescleary

@paulcleary @zakpatterson I wanted to give TSec a try, so I started working on the issue. I have the implementation almost ready, but Python is a no-no for me. Do you want me to leave the PR without the Python part for someone who is willing to help with it? Or nah?

monadplus avatar Apr 10 '19 16:04 monadplus

I think starting a work-in-progress PR for the TSec stuff, and just leaving off the integration testing for it is a great idea.

As an aside, I do think the Python has instructive value for people that come to the project from a Python background. I also think adding integration testing using http4s's client libraries would be valuable. Once integration testing is built out using http4s, I think there would be a case to be made to drop the Python one, since maintaining both would be annoying.

zakpatterson avatar Apr 10 '19 18:04 zakpatterson

I agree. It would be great for someone new to fs2 to build integration tests using the streaming http client from http4s. Although you could just run the non-streaming one which is designed specifically for testing.

I'll try to finish and polish the work-in-progress PR about TSec during the next week. Some feedback will be nice :)

monadplus avatar Apr 10 '19 18:04 monadplus