{"id":18667223,"url":"https://github.com/courajs/cardstack-open-sesame","last_synced_at":"2026-05-17T15:03:01.734Z","repository":{"id":146899983,"uuid":"90321495","full_name":"courajs/cardstack-open-sesame","owner":"courajs","description":"Simple password protection for write operations with CardStack","archived":false,"fork":false,"pushed_at":"2018-10-11T02:32:57.000Z","size":79,"stargazers_count":0,"open_issues_count":1,"forks_count":1,"subscribers_count":1,"default_branch":"master","last_synced_at":"2024-12-27T18:13:20.019Z","etag":null,"topics":["cardstack","ember","ember-addon"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/courajs.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-05-05T00:30:32.000Z","updated_at":"2017-05-18T14:21:58.000Z","dependencies_parsed_at":null,"dependency_job_id":"1a8a0f20-5a13-4570-84d3-63e75d92e2e2","html_url":"https://github.com/courajs/cardstack-open-sesame","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/courajs%2Fcardstack-open-sesame","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/courajs%2Fcardstack-open-sesame/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/courajs%2Fcardstack-open-sesame/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/courajs%2Fcardstack-open-sesame/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/courajs","download_url":"https://codeload.github.com/courajs/cardstack-open-sesame/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239493676,"owners_count":19647995,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cardstack","ember","ember-addon"],"created_at":"2024-11-07T08:37:21.848Z","updated_at":"2025-11-06T14:30:30.731Z","avatar_url":"https://github.com/courajs.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# cardstack-open-sesame\n\nThis is a minimum viable authenticator for CardStack.\n\nIf you're building something small, or something for personal use, or\nsimply don't want to deal with various users with various permissions,\nthis will let you simply require a single password to enable writes.\n\n## Usage with your cardstack app\n\nNote: I'll be assuming you're using `@cardstack/git`. These instructions\nwill be a little verbose, since they're compensating for a lack of\ncardstack documentation.\n\n### 1 - Install\n\n```\nember install cardstack-open-sesame\n```\n\n### 2 - Activate\n\nLike all cardstack plugins, you need to activate it with a\n`plugin-config` entry. Since this plugin includes authentication, you'll\nalso need to add an `authentication-source`. And since we provide a\nsearcher for the admin user, you'll need to add a `data-source`. Add the\nfollowing to your `cardstack/seeds/development.js` file:\n\n```js\n{\n  type: 'plugin-configs',\n  id: 4,                      // any unique id\n  attributes: {\n    module: 'cardstack-open-sesame'\n  }\n},\n{\n  type: 'authentication-sources',\n  id: 'open-sesame',\n  attributes: {\n    'authenticator-type': 'cardstack-open-sesame'\n  }\n},\n{\n  type: 'data-sources',\n  id: 1,                      // any unique id\n  attributes: {\n    'source-type': 'cardstack-open-sesame'\n  }\n}\n```\n\n### 3 - Grants\n\nWhen you first install `@cardstack/git` and pull in its seeds file, It\nhas a full grant for write operations without any authentication. Find\nthe grant, and add a `who` entry for `admin`:\n\n```js\n// before\n{\n  type: 'grants',\n  id: 0,\n  attributes: {\n    'may-create-resource': true,\n    'may-update-resource': true,\n    'may-delete-resource': true,\n    'may-write-field': true\n  }\n}\n```\n\n```js\n// after\n{\n  type: 'grants',\n  id: 0,\n  attributes: {\n    'may-create-resource': true,\n    'may-update-resource': true,\n    'may-delete-resource': true,\n    'may-write-field': true\n  },\n  relationships: {\n    who: {\n      data: { type: 'admin-users', id: 'admin' }\n    }\n  }\n}\n```\n\n### 4 - Set the password\n\nNow, just launch your server with the `OPEN_SESAME` environment variable\nset to the desired password. Server-side authentication is now up and\nrunning! Now to get it set up on the front end.\n\n\n### 5 - Adapter \u0026 Authorizer\n\nEnsure your app's adapter \u0026 authorizer are set up:\n\n```js\n// app/adapters/application.js\nimport DS from 'ember-data';\nimport Metable from 'ember-resource-metadata/adapter-mixin';\nimport Branchable from '@cardstack/tools/mixins/branch-adapter';\nimport DataAdapterMixin from 'ember-simple-auth/mixins/data-adapter-mixin';\n\nexport default DS.JSONAPIAdapter.extend(DataAdapterMixin, Metable, Branchable, {\n  namespace: 'cardstack',\n  authorizer: 'authorizer:cardstack'\n});\n```\n\n```js\n// app/authorizers/cardstack.js\nimport Ember from 'ember';\nimport Authorizer from 'ember-simple-auth/authorizers/base';\n\nconst { isEmpty } = Ember;\n\nexport default Authorizer.extend({\n  authorize(data, block) {\n    const accessToken = data.meta.token;\n\n    if (!isEmpty(accessToken)) {\n      block('Authorization', `Bearer ${accessToken}`);\n    }\n  }\n});\n```\n\n### 6 - Authenticate within your app\n\nSet up a login action or something in your app:\n\n```js\n// app/login/controller.js\nimport Ember from 'ember';\n\nconst {\n  Controller,\n  inject\n} = Ember;\n\nexport default Controller.extend({\n  session: inject.service(),\n\n  actions: {\n    login(password) {\n      return\n      this.get('session').authenticate('authenticator:cardstack', 'open-sesame', { password });\n    }\n  }\n});\n```\n\nYou'll probably want to set up a route with a password form somewhere to\ntrigger this action. \n\n## All set!\nYou should be all set now! Verify it's working by attempting a write\nwhile signed out. It should fail with a 401. Now log in, and write\nagain. It should work!\n\nIf you're having any trouble, feel free to reach out in the ember\ncommunity slack (my handle is `@courajs`).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcourajs%2Fcardstack-open-sesame","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcourajs%2Fcardstack-open-sesame","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcourajs%2Fcardstack-open-sesame/lists"}