https://github.com/mnesarco/sqlpage_auth_example

SQLPage Authentication and Authorization example
https://github.com/mnesarco/sqlpage_auth_example

postgresql sql sqlpage

Last synced: 11 months ago
JSON representation

SQLPage Authentication and Authorization example

• Host: GitHub
• URL: https://github.com/mnesarco/sqlpage_auth_example
• Owner: mnesarco
• License: mit
• Archived: true
• Created: 2023-12-29T01:05:20.000Z (over 2 years ago)
• Default Branch: main
• Last Pushed: 2023-12-29T14:24:54.000Z (over 2 years ago)
• Last Synced: 2025-03-12T15:17:00.083Z (about 1 year ago)
• Topics: postgresql, sql, sqlpage
• Language: PLpgSQL
• Homepage:
• Size: 225 KB
• Stars: 3
• Watchers: 3
• Forks: 1
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE.txt

Awesome Lists containing this project

README

          
# SQLPage Authentication and Authorization Example

This is a very basic example of authentication and authorization boilerplate using [SQLPage](https://github.com/lovasoa/SQLpage/). I try to avoid verbose code and duplication as much as possible.

# Features

* Login Form

* Signup Form

* Protected pages

* Role based access (RBAC)

* Resource ACL

# Install

```bash

git clone https://github.com/mnesarco/sqlpage_auth_example.git

cd sqlpage_auth_example

docker compose up

```

After docker services are up and runnig, Go to http://localhost:8087

# Demo users

* **user** has basic access

* **user2** has manager access

* **admin** has full access

Password of all users is the same: `demo`

# Authorization concept

There are **users** and **resources** in the system. They are related through **roles** and access control lists (**ACL**)

roles can be granted or revoked from users. Each role has a level access to a resource pattern.

![ER](auth.png)

You can check if the current session (logged in user) has access to a specific resource with a certain authorization level:

```sql

-- Check if current user has access to products resource with a minimum level of 30

SELECT ...

WHERE x_resource_access(sqlpage.cookie('session'), 'products', level);

```

You can also check if a user has some role:

```sql

-- Check if current user has admin or manager roles

SELECT ...

WHERE x_role_access(sqlpage.cookie('session'), 'admin', 'manager');

```

# Disclaimer

This is an example of a possible solution using the existing version of [SQLPage=0.17.1](https://github.com/lovasoa/SQLpage/)  Use at your own risk.