delphimvcframework

Comprehensive Demo/Template project

Open geoffsmith82 opened this issue 1 year ago • 4 comments

What would be good is a fairly complete demo that includes what would be necessary for a multi-user authenticated website created with DelphiMVCFramework. It would include things such as:

  • authentication of users
  • admin interface
  • signup / email verification
  • forgot password
  • mfa
  • user profile editing
  • a way to easily extend functionality.

Currently the existing demos show how to implement various features - which is good to assist in understanding them and probably makes it easier to integrate into existing systems, but if you just want to get on with implementing your site from the start, there is a lot of code that needs to be written to get to the point of a secure and usable site.

geoffsmith82 avatar Jul 28 '24 10:07 geoffsmith82

You've covered off quite a bit here. We're currently running:

  • a machine to machine web service handling around 800k requests per day (requests conforming to HL7 FHIR) with a lot of back end xml rules based validation

  • a web based JSON-RPC web UI application with read and write.

  • a htmx web ui application, mainly read only presentation used by 200k users on a daily basis

  • an internal configuration tool with read and write

  • a small server / desktop app using DMVC on the back end and a VCL app communicating via a REST API

All of these applications are secured with OAuth2 JWT tokens issued by a third party IdP. We've written a separate authorisation middleware layer based on Smart on FHIR which suits our application domain. Happy to share a little more via the Facebook group if you ask.

We've found that you need to understand that web apps have a different paradigm than traditional c/s or three tier apps but DMVC can smooth the migration once you figure out what belongs at each layer of the stack.

Related to your initial questions, you need to separate the identity/authentication part of the functionality (IdP) from the authorisation (roles):

  • authentication of users (IdP)
  • admin interface (roles)
  • signup / email verification (IdP/Roles)
  • forgot password (IdP)
  • mfa (IdP)
  • user profile editing (Roles)

I would recommend using a third party OAuth2/OIDC service for the IdP functions and using application/role based functions for the rest.

fastbike avatar Jul 28 '24 11:07 fastbike

David, if you can describe your success case I think that could be inspirational for some new users. If you want to write a small doc describing such system I can publish on the blog, link from the project page etc.

Let me know

danieleteti avatar Jul 28 '24 14:07 danieleteti

Here is a quick demo of something I have been working on.

DelphiCMSEngine

geoffsmith82 avatar Aug 03 '24 13:08 geoffsmith82

@geoffsmith82 nice, can you contribute with this small sample? Will be revised and included in the samples folder, if you wish.

danieleteti avatar Jun 03 '25 14:06 danieleteti

Any news about this?

danieleteti avatar Jun 24 '25 15:06 danieleteti