add boilerplate auth server to create JWT tokens #848
Conversation
|
Beep boop! 🤖 Hey @peterjgrainger, thanks for your PR! One of my human friends will review this PR and get back to you as soon as possible. 🕐 Stay awesome! 😎 |
|
petergrainger seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account. You have signed the CLA already but the status is still pending? Let us recheck it. |
|
Review app available at: https://hge-ci-pull-848.herokuapp.com |
|
Please don't use |
|
@revskill10 I was trying to be consistent with the other boilerplates such as https://github.com/hasura/graphql-engine/tree/master/community/boilerplates/auth-webhooks/passport-js Do you mean to set up the users table using the GraphQL client? I was trying to make the process as easy to use as possible, it's only saving the user against a password? Maybe I could use redux or other simple data store instead? |
|
Review app available at: https://hge-ci-pull-848.herokuapp.com |
|
Yes, it's simpler than using a third party library like |
|
Review app available at: https://hge-ci-pull-848.herokuapp.com |
|
@revskill10 maybe i could add migrations and use the hasura cli? https://docs.hasura.io/1.0/graphql/manual/migrations/index.html |
|
I think you can just deploy a staging server for hasura, the code only uses graphql instead. You can put static schema file in repo optionally. |
|
Review app available at: https://hge-ci-pull-848.herokuapp.com |
|
@revskill10 updated as suggested. Let me know if there is anything else that should be changed |
|
Review app available at: https://hge-ci-pull-848.herokuapp.com |
|
@peterjgrainger Thank you so much for your work! This will be very helpful to folks looking at getting started with a simple JWT auth server. 🎉 I'll be reviewing this along with @ecthiender and @arvi3411301. Also, please do sign the CLA so that we can merge your PR into the repo! |
|
@coc98 Yeah I thought the same thing then realized there is a hook in the
schema file that adds the salt using bcrypt calling it a token
…On Mon, 29 Oct 2018, 06:16 Tanmai Gopal, ***@***.***> wrote:
***@***.**** commented on this pull request.
------------------------------
In community/boilerplates/jwt-authentication-server/controllers/user.js
<#848 (comment)>:
> + req.assert('username', 'Username is not valid').notEmpty();
+ req.assert('password', 'Password must be at least 4 characters long').len(4);
+ req.assert('confirmPassword', 'Passwords do not match').equals(req.body.password);
+
+ const errors = req.validationErrors();
+
+ if (errors) {
+ return res.status(400).json({'errors': errors});
+ }
+
+ try {
+ await User.query()
+ .allowInsert('[username, password]')
+ .insert({
+ username: req.body.username,
+ password: req.body.password
Shouldn't this password be salted/hashed and saved. Maybe use a standard
password creating library? This library will be used during signup for
inserting, and comparing passwords when logging in?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#848 (review)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ABRUq763ZXfVMNQU6Ze40CRhQ2hDAMBDks5upp0qgaJpZM4X3uWQ>
.
|
|
@coco98 I signed the CLA multiple times but the check is still failing it says the email used in the commit is not on my account but it is registered in github Also I'm not sure why the circleCI build failed? It passed when I did the initial change |
|
@peterjgrainger, can you please try again, wanted to see this in the community. |
|
is this finally finished? thanks a lot |
|
Closing this PR in response to [4442]. |
|
Beep boop! 🤖 Hey @peterjgrainger! Sorry that your PR wasn’t merged. Do take a look at any of the other open issues to see if you’d like to take something up! We’re around on Discord if you have any questions 😄 |
Add a boilerplate for creating a jwt authentication server to provide tokens to be used with the graphQL engine. See the docker-compose configuration and the README to see how to test.
close #451
Description
Creates the auth server described here: https://docs.hasura.io/1.0/graphql/manual/auth/jwt.html to create tokens to be decoded by the GraphQL server.
What component does this PR affect?
Requires changes from other components? If yes, please mark the components:
Related Issue
n/a
Solution and Design
Based very closely on boilerplate with passportjs but without the webhook. Uses an environment variable to set the JWT signing key.
Allows a user to signup (saves user in postgres) then login using that user.
JWT contains userID from the database their username and the required hasura claims including the role
userand signs with JWT signing keyType
Checklist: