This repository was archived by the owner on Mar 13, 2018. It is now read-only.

auth #7

@grounded042

For the admin panel, we need authentication. This will be handled via JWT. To incorporate this, we will need several endpoints with corresponding logic and SQL tables.

  • endpoints
    • GET /auth/token - refresh a current token. Hit this endpoint with a valid token and you will receive a new, valid token.
    • POST /auth/token - login. User credentials are sent here and a valid JWT is returned to be used in all requests that need authentication.
    • DELETE /auth/token - logout. Hit this endpoint with a valid token, and your token will be marked as invalid.
  • SQL - we will need tables to hold user information
    • users
      • user_id
      • email
      • first_name
      • last_name
      • created_at
      • updated_at
    • user_logins
      • user_login_id
      • fk_user_id
      • salt
      • password
      • created_at
      • updated_at
  • routes - we will need to add an attribute to routing so that routes can opt into user auth. Note that if a route opts out of auth, the controller could reject a call because there is no user obj on it
  • controllers - the coordination controller will take care of getting user objects from the db and passing those objects down to methods that need them to make business logic decisions
