As discussed, we have some issues with authorization vs. authentication.
This is a complex issue because users are kind of at the root of most things on this site, so here's an outline of what needs to be done, probably (but not necessarily) in this order:
- [x] See the viability of what passport is doing - is it doing what we expect before we decide to rewrite this entire thing?
- [x] See the viability of express-session and connect-pg-simple; it looks like these two are storing too much info in the session table.
- [x] Do authorization in our middleware; rather than setting res.locals.user to req.user, set res.locals.user to whatever was found in the DB. This should JOIN data from the session and users tables.
- [x] Authentication via the GoogleStrategy should stay mostly the same, but double check on this.
- [x] If we decide to rewrite the system, ensure that the session works properly on login, logout, and repetitive requests.
- [x] If we rewrite the entire system and we don't use connect-pg-simple and express-session, talk to me again, as we may be able to simplify the custom cookie flash system I made.
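One way to do the DB-backed lookup from the authorization item above, as an added example (not the project's code). It assumes connect-pg-simple's default `session` table (`sid`, `sess` json, `expire`), a `users` table with `id`, `email` and `role` columns, and passport's usual `sess.passport.user` serialized id; `query` stands in for a pg client's `query(sql, params)` function.

```javascript
// Resolve the current user from the session and users tables on every request,
// so roles and account state come from the DB rather than a cached req.user.
const USER_BY_SESSION_SQL = `
  SELECT u.id, u.email, u.role
    FROM session s
    JOIN users u ON u.id = (s.sess -> 'passport' ->> 'user')::int
   WHERE s.sid = $1 AND s.expire > now()`;

// Same decision rules as the SQL, kept as a pure synchronous function so the
// edge cases (expired session, anonymous session, deleted user) are testable.
// `sessionRow` is a row from the session table; `usersById` is a Map id -> user.
function resolveUser(sessionRow, usersById, now = Date.now()) {
  if (!sessionRow) return null;
  if (new Date(sessionRow.expire).getTime() <= now) return null;   // expired
  const sess = typeof sessionRow.sess === 'string'
    ? JSON.parse(sessionRow.sess) : sessionRow.sess;
  const id = sess && sess.passport ? sess.passport.user : undefined;
  if (id === undefined || id === null) return null;                // not logged in
  const u = usersById.get(Number(id));
  if (!u) return null;                                             // deleted since login
  return { id: u.id, email: u.email, role: u.role };               // only what views need
}

// Express middleware (assumed shape): res.locals.user is whatever the DB says,
// never the deserialized passport object.
function loadUser(query) {
  return async function (req, res, next) {
    try {
      const { rows } = await query(USER_BY_SESSION_SQL, [req.sessionID]);
      res.locals.user = rows[0] || null;
      next();
    } catch (err) {
      next(err);
    }
  };
}

// Authorization check built on the DB-sourced user: 401 if anonymous, 403 if
// the role does not match.
function requireRole(role) {
  return function (req, res, next) {
    const u = res.locals.user;
    if (!u) return res.status(401).end();
    if (u.role !== role) return res.status(403).end();
    next();
  };
}
```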