Add token based api auth #217
Conversation
|
|
||
| #[derive(Debug, Deserialize, Serialize)] | ||
| // Represents the data structure for the API token. | ||
| pub struct ApiToken { |
There was a problem hiding this comment.
I am wondering,
how possible is it to say:
pub struct ApiToken<T>
... everything depends on T
... includng the extractor
and we know that T should eventually be users::Model,
maybe this T will be a T: Trait where T: FetchByApiKey,
and the User impl that FetchByApiKey.
Now this middleware becomes shareable by everyone
PS: i think we can adopt the same pattern for the JWT auth by creating a trait T: FetchByJWT
There was a problem hiding this comment.
The API token is generated within the user app (Loco framework is not familiar with that). In this scenario, I think the parameter is meaningless, as the user has complete control over it.
About the FetchByJWT i totally agree. maybe we can consider moving the claims to be a
There was a problem hiding this comment.
Notice what I did in the latest commit. I had a feeling if we move things around we might get something, I think it worked:
Authenticable trait lets us encapsulate all the logic, and then -- just refer to an extractor. Use ApiToken<T> and ApiToken<users::Model> to give Rust all the type information it needs to resolve.
On this "Authenticable" concept we can also encode the JWT behavior, and "capture" a user just like in api key auth.
There is a good chance that instead of having claims we can have the actual user model if we use the same trick.
|
Looks good @jondot, I reverted the middleware that I created. but keep the migration changes. wen releasing a new version I'll add the controller to the starters Let me know if you want more changes from my side |
token based API auth #115