Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/courajs/cardstack-open-sesame

Simple password protection for write operations with CardStack
https://github.com/courajs/cardstack-open-sesame

cardstack ember ember-addon

Last synced: 1 day ago
JSON representation

Simple password protection for write operations with CardStack

Host: GitHub
URL: https://github.com/courajs/cardstack-open-sesame
Owner: courajs
License: mit
Created: 2017-05-05T00:30:32.000Z (over 7 years ago)
Default Branch: master
Last Pushed: 2018-10-11T02:32:57.000Z (about 6 years ago)
Last Synced: 2024-11-07T08:46:22.655Z (about 2 months ago)
Topics: cardstack, ember, ember-addon
Language: JavaScript
Homepage:
Size: 77.1 KB
Stars: 0
Watchers: 1
Forks: 1
Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE.md

Awesome Lists containing this project

README

        # cardstack-open-sesame

This is a minimum viable authenticator for CardStack.

If you're building something small, or something for personal use, or

simply don't want to deal with various users with various permissions,

this will let you simply require a single password to enable writes.

## Usage with your cardstack app

Note: I'll be assuming you're using `@cardstack/git`. These instructions

will be a little verbose, since they're compensating for a lack of

cardstack documentation.

### 1 - Install

```

ember install cardstack-open-sesame

```

### 2 - Activate

Like all cardstack plugins, you need to activate it with a

`plugin-config` entry. Since this plugin includes authentication, you'll

also need to add an `authentication-source`. And since we provide a

searcher for the admin user, you'll need to add a `data-source`. Add the

following to your `cardstack/seeds/development.js` file:

```js

{

  type: 'plugin-configs',

  id: 4,                      // any unique id

  attributes: {

    module: 'cardstack-open-sesame'

  }

},

{

  type: 'authentication-sources',

  id: 'open-sesame',

  attributes: {

    'authenticator-type': 'cardstack-open-sesame'

  }

},

{

  type: 'data-sources',

  id: 1,                      // any unique id

  attributes: {

    'source-type': 'cardstack-open-sesame'

  }

}

```

### 3 - Grants

When you first install `@cardstack/git` and pull in its seeds file, It

has a full grant for write operations without any authentication. Find

the grant, and add a `who` entry for `admin`:

```js

// before

{

  type: 'grants',

  id: 0,

  attributes: {

    'may-create-resource': true,

    'may-update-resource': true,

    'may-delete-resource': true,

    'may-write-field': true

  }

}

```

```js

// after

{

  type: 'grants',

  id: 0,

  attributes: {

    'may-create-resource': true,

    'may-update-resource': true,

    'may-delete-resource': true,

    'may-write-field': true

  },

  relationships: {

    who: {

      data: { type: 'admin-users', id: 'admin' }

    }

  }

}

```

### 4 - Set the password

Now, just launch your server with the `OPEN_SESAME` environment variable

set to the desired password. Server-side authentication is now up and

running! Now to get it set up on the front end.

### 5 - Adapter & Authorizer

Ensure your app's adapter & authorizer are set up:

```js

// app/adapters/application.js

import DS from 'ember-data';

import Metable from 'ember-resource-metadata/adapter-mixin';

import Branchable from '@cardstack/tools/mixins/branch-adapter';

import DataAdapterMixin from 'ember-simple-auth/mixins/data-adapter-mixin';

export default DS.JSONAPIAdapter.extend(DataAdapterMixin, Metable, Branchable, {

  namespace: 'cardstack',

  authorizer: 'authorizer:cardstack'

});

```

```js

// app/authorizers/cardstack.js

import Ember from 'ember';

import Authorizer from 'ember-simple-auth/authorizers/base';

const { isEmpty } = Ember;

export default Authorizer.extend({

  authorize(data, block) {

    const accessToken = data.meta.token;

    if (!isEmpty(accessToken)) {

      block('Authorization', `Bearer ${accessToken}`);

    }

  }

});

```

### 6 - Authenticate within your app

Set up a login action or something in your app:

```js

// app/login/controller.js

import Ember from 'ember';

const {

  Controller,

  inject

} = Ember;

export default Controller.extend({

  session: inject.service(),

  actions: {

    login(password) {

      return

      this.get('session').authenticate('authenticator:cardstack', 'open-sesame', { password });

    }

  }

});

```

You'll probably want to set up a route with a password form somewhere to

trigger this action. 

## All set!

You should be all set now! Verify it's working by attempting a write

while signed out. It should fail with a 401. Now log in, and write

again. It should work!

If you're having any trouble, feel free to reach out in the ember

community slack (my handle is `@courajs`).