Authenticate #19
Authenticate #19
Conversation
|
|
||
| exports.setup = function (api, express) { | ||
| api.use(express.cookieParser()); | ||
| api.use(express.session({ secret: 'THIS IS A SECRET' })); |
There was a problem hiding this comment.
put a example secret in config.js.example and put the local secret in config.js
| // serialize users into and deserialize users out of the session. Typically, | ||
| // this will be as simple as storing the user ID when serializing, and finding | ||
| // the user by ID when deserializing. However, since this example does not | ||
| // have a database of user records, the complete Google profile is serialized |
There was a problem hiding this comment.
Should we wack 'connect-redis' in at the same time?
https://npmjs.org/package/connect-redis
|
How much do you think it will it take to get this finished? |
|
The splitting out in to separate authentication module is still missing! |
| @@ -24,8 +24,11 @@ | |||
| "dependencies": { | |||
| "express": "~3.4.6", | |||
| "q": "~0.9.7", | |||
| "elasticsearch": "~1.0.3", | |||
| "sage": "~0.4.2", | |||
|
check this https://github.com/petteraas/retrospectacular/tree/MrFjellstad-authenticate_2 it's written on top of your code from this pr. it adds a user type to the index template, simple CRUD for user, it creates a new user in ES ( or loads existing ) based on the Google authenticate (displayName is probably not the best field to check for, but it works for now). it uses redis as session store. |
This is more a RFC, so don't just wack it in!
It is lacking a good error response when you try to access resources you don't have access to in the frontend, but that is easy to fix.
It is blocking the wordcloud if you don't authenticate. This is by design, and meant as an example.
The backend needs more work on the user management. It needs to store the user and maybe give it an id so we can use it for something useful!