Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/alexandrevilain/postgrest-auth

Easily add authentication to your postgrest API
https://github.com/alexandrevilain/postgrest-auth

authentication email golang postgresql postgrest sql

Last synced: about 16 hours ago
JSON representation

Easily add authentication to your postgrest API

Host: GitHub
URL: https://github.com/alexandrevilain/postgrest-auth
Owner: alexandrevilain
License: mit
Created: 2018-11-30T14:17:39.000Z (almost 6 years ago)
Default Branch: master
Last Pushed: 2019-02-14T16:38:08.000Z (almost 6 years ago)
Last Synced: 2024-06-20T00:34:58.332Z (5 months ago)
Topics: authentication, email, golang, postgresql, postgrest, sql
Language: Go
Homepage:
Size: 1.32 MB
Stars: 18
Watchers: 3
Forks: 4
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# Postgrest-auth

This project is inspired of [postgrest-auth](https://www.npmjs.com/package/postgrest-auth). But it's writting in golang, it's actively maintained, and email are using the [hermes](https://github.com/matcornic/hermes) library to be prettier.

The goal of this project is to provide the whole authentication features for a postgrest-prowered API. It must be deployed alongside your API and share the same jwt secret with your postgrest instance.

## Installation

Using docker:

```bash
docker run -p 3001:3001 \
-e POSTGREST_AUTH_DB_CONNECTIONSTRING=postgres://user:pass@localhost/db \
-e POSTGREST_AUTH_EMAIL_AUTH_PASS=pass \
[...]
alexandrevilain/postgrest-auth
```

## API

#### Sign in

POST /signin

```bash
curl -X POST http://localhost:3001/signin \
-H 'Content-Type: application/json' \
-d '{ "email": "[email protected]", "password": "password" }'
```

#### Sign up

POST /signup

```bash
curl -X POST http://localhost:3001/signup \
-H 'Content-Type: application/json' \
-d '{ "email": "[email protected]", "password": "password" }'
```

#### Confirm email address

GET /confirm/{id}?token={token}

#### Ask for password reset

POST /reset

```bash
curl -X POST http://localhost:3001/reset \
-H 'Content-Type: application/json' \
-d '{ "email": "[email protected]" }'
```

#### Reset password

POST /reset/:token

```bash
curl -X POST http://localhost:3001/reset/{token} \
-H 'Content-Type: application/json' \
-d '{ "password": "mynewpassword" }'
```

#### Google Sign in

POST /provider/google

```bash
curl -X POST \
http://localhost:3001/provider/google \
-H 'Content-Type: application/json' \
-d '{
"token": "",
"state":""
}'
```

#### Facebook Sign in

POST /provider/facebook

```bash
curl -X POST \
http://localhost:3001/provider/facebook \
-H 'Content-Type: application/json' \
-d '{
"token": "",
"state":""
}'
```

## Configuration

Many environment variables are availables to custom your postgrest-auth instance:

| Name
| ----------------------------------
| POSTGREST_AUTH_API_PORT
| POSTGREST_AUTH_API_TOKEN
| POSTGREST_AUTH_LINKS_RESET
| POSTGREST_AUTH_LINKS_CONFIRM
| POSTGREST_AUTH_JWT_EXP
| POSTGREST_AUTH_JWT_SECRET
| POSTGREST_AUTH_DB_CONNECTIONSTRING
| POSTGREST_AUTH_DB_ROLES_ANONYMOUS
| POSTGREST_AUTH_DB_ROLES_USER
| POSTGREST_AUTH_APP_NAME
| POSTGREST_AUTH_APP_LINK
| POSTGREST_AUTH_APP_LOGO
| POSTGREST_AUTH_EMAIL_FROM
| POSTGREST_AUTH_EMAIL_HOST
| POSTGREST_AUTH_EMAIL_PORT
| POSTGREST_AUTH_EMAIL_AUTH_USER
| POSTGREST_AUTH_EMAIL_AUTH_PASS
| POSTGREST_AUTH_API_ALLOWEDDOMAINS
| POSTGREST_AUTH_OAUTH2_STATE | Description | Default | | ------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------ | | The listening port of the service | 3001 | | The secret used to create the reset password token | supersecret | | The reset password link sent by email ("%v" will be replaced with the token) | http://localhost/reset/%v | | The confirm account link sent by email (The first %v will be replaced by the user's id and the second %v will be replaced by the confirm token ) | http://localhost/confirm/%v?token=%v | | The token expiration (in hours) | X | | The shared secret with postgrest | X | | Your dd connection string | X | | The role for anonymous users | X | | The role when users are authenticated | X | | The application's name where postgrest-auth is installed (your band name) | X | | Your appplication's website | X | | Your application's logo | X | | | X | | | X | | | X | | | X | | | X | | The list of allowed email domains for signup (comma-separated) | X | | Same state that you defined whene retrieving your access token | random-state |

## Integration with postgreSQL

This service automatically creates a schema named "auth" and roles defined used environment variables.
It provides you an helper fonction `auth.current_user_id()` that you can for instance use in your POLICES:

```sql
CREATE POLICY questions_update ON questions FOR UPDATE
USING (user_id = auth.current_user_id())
WITH CHECK (user_id = auth.current_user_id());
```

## TODO

- Unit tests

## Contributing

Feel free to send PRs!