Extending the user model, which one to use? #98

Open
afidegnum opened this issue Mar 28, 2023 · 7 comments
Comments

@afidegnum

Hi,
I really love the authentication mechanism posted. I was looking to implement something secured in a similar manner.
I noticed there are 3 user models with different security implementations.
Which one is the definite model that can be extended, i.e. adding a custom bio, picture, etc.?

afidegnum changed the title from "What's the main user's table?" to "Extending the user model, which one to use?" on Mar 28, 2023
@9876691
Contributor

9876691 commented Mar 28, 2023

@afidegnum Hi.

The users table is where you could add bio, picture etc.

CREATE TABLE users (
    id SERIAL PRIMARY KEY, 
    email VARCHAR NOT NULL UNIQUE, 
    hashed_password VARCHAR NOT NULL, 
    reset_password_selector VARCHAR,
    reset_password_verifier_hash VARCHAR,
    created_at TIMESTAMP NOT NULL DEFAULT NOW(),
    updated_at TIMESTAMP NOT NULL DEFAULT NOW()
);

Barricade will just ignore those fields.

Does that answer your question?

@afidegnum
Author

Thanks, I'm immensely grateful for your prompt response,
Let me implement it and keep you updated.

@afidegnum
Author

Please permit me to also ask, what's the difference between actix-server/src/ auth and encrypted_auth? Which ones bypass a proxy?
My intent: I have a JavaScript front end already built, and I want to be able to register and authenticate via API and use JWT authentication, maybe using session and cookies as well.
Can you please advise?

@9876691
Contributor

9876691 commented Mar 28, 2023

@afidegnum

So I had 2 use cases when I built this. One is for normal authentication, implemented in the auth folder.

This is the one you would want to use.

encrypted_auth is my other use case, where I build applications that encrypt data on the user's behalf, i.e. https://cloak.software

@afidegnum
Author

One last question, how do I authenticate a protected page? i.e. a user is visiting /profile, he should be redirected to login if his session is not active.

@afidegnum
Author

@ianpurton What do I replace JWT with in your project?

@9876691
Contributor

9876691 commented Mar 28, 2023

So barricade sits in front of your application and intercepts all requests. So your /profile page is automatically protected.

In your backend you will receive an HTTP header called x-user-id which will be the user id from your users table.

You don't need to do anything else; barricade handles the session for you.
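
An added example, not part of the thread and not Barricade's own code: how a backend behind the proxy might read the `x-user-id` header described in the comment above and turn it into a key for the `users` table. The function name, the error type and the `(name, value)` header representation are assumptions. The header is only meaningful as an identity if the backend is reachable solely through Barricade.

```rust
// Added example, not Barricade code. The header name `x-user-id` and the
// SERIAL `users.id` column come from the thread; all other names are assumed.

#[derive(Debug, PartialEq)]
pub enum UserIdError {
    Missing,   // no x-user-id header: the request did not come via the proxy
    Duplicate, // more than one x-user-id header: ambiguous, refuse
    Invalid,   // not a positive 32-bit integer
}

/// Extract the authenticated user id from request headers given as
/// (name, value) pairs, a form most HTTP frameworks can expose.
pub fn user_id_from_headers(headers: &[(&str, &str)]) -> Result<i32, UserIdError> {
    // HTTP header names are case-insensitive.
    let mut values = headers
        .iter()
        .filter(|(name, _)| name.eq_ignore_ascii_case("x-user-id"))
        .map(|(_, value)| value.trim());

    let value = values.next().ok_or(UserIdError::Missing)?;
    // A second copy means two parties set the header; do not pick one.
    if values.next().is_some() {
        return Err(UserIdError::Duplicate);
    }
    // SERIAL is a 32-bit integer starting at 1: accept ASCII digits only,
    // so "+5", "-1", "1e3" and "1 OR 1=1" are all rejected before parsing.
    if value.is_empty() || !value.bytes().all(|b| b.is_ascii_digit()) {
        return Err(UserIdError::Invalid);
    }
    match value.parse::<i32>() {
        Ok(id) if id > 0 => Ok(id),
        _ => Err(UserIdError::Invalid), // zero or overflow
    }
}

fn main() {
    // Constructed sample requests.
    let ok = [("Host", "app.internal"), ("X-User-Id", "42")];
    let dup = [("x-user-id", "42"), ("X-USER-ID", "1")];
    println!("{:?}", user_id_from_headers(&ok));
    println!("{:?}", user_id_from_headers(&dup));
    println!("{:?}", user_id_from_headers(&[("Host", "app.internal")]));
}
```

A handler for a page such as /profile would respond with an error on any `Err` and pass the `Ok` value as a bound parameter to its query on `users.id`.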
