authboss icon indicating copy to clipboard operation
authboss copied to clipboard
verified publisher icon volatiletech

Wiki pages for newbies that summarizes all the problems and doubts to get authboss up and running

Open frederikhors opened this issue 7 years ago • 3 comments

I'm a newbie both in Go and authboss.

I would like to open a wiki page (or more) for newbies that summarizes all the problems and doubts I had and that clearly explains how to get authboss up and running in your Go project.

What do you think, @aarondl?

Before starting I would like to recap here what I have already done and what I have not yet understood how to do:

Remember me

  • [x] Remember me cookie in authboss-sample has MaxAge=Session. Explanation. (issue: https://github.com/volatiletech/authboss/issues/217). Closed. Was a bug in https://github.com/volatiletech/authboss-clientstate/commit/0943df8b4e0576d1e0f71c362687962ddda300f6

  • [x] Remember me with or without checkbox in authboss-sample save "rm" cookie and session in DB anyway (issue: https://github.com/volatiletech/authboss/issues/215). Closed. Was a bug in https://github.com/volatiletech/authboss-clientstate/commit/0943df8b4e0576d1e0f71c362687962ddda300f6

  • [ ] Remember me, DB struct (table) hints. (issue: https://github.com/volatiletech/authboss/issues/218)

  • [x] Proposal: Implement shallow remember me (issue: https://github.com/volatiletech/authboss/issues/212). Not enough interest on the subject to invest time.

  • [x] Doubt about theft prevention (issue: https://github.com/volatiletech/authboss/issues/227)

  • [x] Expired tokens in DB table (issue: https://github.com/volatiletech/authboss/issues/228)

  • [ ] Race condition for "Remember Me" module (issue: https://github.com/volatiletech/authboss/issues/281)

  • [ ] "Remember me" enabled by default if module installed (issue: https://github.com/volatiletech/authboss/issues/282)

  • Redirects

  • [ ] Doubts about login/logout redir behaviour (issue: https://github.com/volatiletech/authboss/issues/236)

  • [ ] Is it possibile to use CorceRedirectTo200 in master? (issue: https://github.com/volatiletech/authboss/issues/251)

  • Cookies

  • [x] Where is the session persisted? Is there a way to use cookie as a session storage even with its limits (4KB)? (like Rails devise gem does) (issue: https://github.com/volatiletech/authboss/issues/213) @aarondl answered perfectly. Added in FAQ (https://github.com/volatiletech/authboss/wiki/FAQ).

  • API mode

  • [ ] Do I need CSRF protection for /login endpoint? (issue: https://github.com/volatiletech/authboss/issues/247)

  • [ ] Message {"status":"success"} on GET call on /login endpoint? (issue: https://github.com/volatiletech/authboss/issues/248)

  • [ ] Total compatibility as API endpoint (issue: https://github.com/volatiletech/authboss/issues/283)

  • Various

  • [x] Override default templates using scss/less/js assets (writing wiki page with just some advices...)

  • [x] CurrentUser() vs LoadCurrentUser(). What is the right one to use? (issue: https://github.com/volatiletech/authboss/issues/220) @aarondl answered perfectly. Added in FAQ (https://github.com/volatiletech/authboss/wiki/FAQ).

  • [ ] Content-Type: application/json and RespondUnauthorized/RespondRedirect with panic (issue: https://github.com/volatiletech/authboss-sample/issues/29)

  • [x] Hooks for authboss routes (issue: https://github.com/volatiletech/authboss/issues/221)

  • [ ] Using authboss with Gorm and Postgresql (doubts about columns and indexes, issue: https://github.com/volatiletech/authboss/issues/209). Started draft: https://github.com/volatiletech/authboss/wiki/Using-Authboss-with-Gorm-and-Postgresql

  • [ ] "Redirect template for page" problem (issue: https://github.com/volatiletech/authboss/issues/208) requesting middleware auth protected page with Content-Type: application/json header

  • [ ] Lists all possible security holes using authboss-sample as it is and what to do to make it stronger. Also check authboss-sample based on with https://www.calhoun.io/securing-cookies-in-go

  • [ ] Integrate it with Buffalo (some problems fixed, but still not 100% integration): https://github.com/frederikhors/buffalo-authboss-sample

  • [ ] Use with precompiled templates, eg. with Quicktemplate (issue: https://github.com/volatiletech/authboss/issues/239)

frederikhors avatar Jan 05 '19 19:01 frederikhors

Sounds fine to me.

aarondl avatar Jan 06 '19 03:01 aarondl

I should say it'd be nice to not have to support and maintain anything relating to integration with buffalo. You may want to continue to host that buffalo-authboss-sample and keep it up to date as I don't need any additional work :)

aarondl avatar Jan 06 '19 03:01 aarondl

I should say it'd be nice to not have to support and maintain anything relating to integration with buffalo. You may want to continue to host that buffalo-authboss-sample and keep it up to date as I don't need any additional work :)

Ok. No prob. :)

frederikhors avatar Jan 06 '19 11:01 frederikhors