Open tertek opened 1 month ago
[x] Setup "user" database (we will rename it from customers, since we are using a role based authorization model with roles "admin", "internal" and "customer").
[ ] Setup Authentication Routes and Actions/Services
[ ] Setup Session middleware to authorize frontend routes, such as customer/admin routes
[ ] Setup JWT middleware and token creation route and/or token management frontend
[ ] Setup protected API routes and implement business logic
Auth Specification:
Authentication will be based on Username and Password. Authorization will be based on Role-Based Access Control (RBAC), see SlimBook Vol.3, p. 55.
We will use different authorization implementations, depending on the route types:
- Session-based authorization for front-end routes, such as user pages.
- JWT stateless authorization for protected API routes.
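As an added illustration of the two-mode authorization scheme described above (this is example code written for this issue, not the project's own implementation), the PHP below keeps one deny-by-default RBAC policy and consults it from both a session-backed check for front-end routes and a bearer-token check for API routes. The route names, the session array shape, the claim names and the hand-rolled HS256 JWT are assumptions; a real Slim application would normally wire these into middleware and may use a JWT library instead, but the checks to get right are the same: pin the algorithm, compare the signature in constant time, reject expired tokens, and never grant access to a route that has no policy entry.

```php
<?php
declare(strict_types=1);

// Constructed policy: which roles may reach which route. Only the three roles
// named in the issue (admin, internal, customer) are real; the routes are assumptions.
const ROUTE_POLICY = [
    '/admin'      => ['admin'],
    '/internal'   => ['admin', 'internal'],
    '/account'    => ['admin', 'internal', 'customer'],
    '/api/orders' => ['admin', 'customer'],
];

// Deny by default: an unknown route or an unknown role is never authorized.
function isAuthorized(string $role, string $route): bool
{
    return in_array($role, ROUTE_POLICY[$route] ?? [], true);
}

function base64UrlEncode(string $data): string
{
    return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
}

function base64UrlDecode(string $data): string
{
    $pad = strlen($data) % 4;
    if ($pad !== 0) {
        $data .= str_repeat('=', 4 - $pad);
    }
    return base64_decode(strtr($data, '-_', '+/'), true) ?: '';
}

// Issue a short-lived HS256 token carrying the user's role (assumed claim layout).
function createJwt(array $claims, string $secret, int $ttl = 900, ?int $now = null): string
{
    $now = $now ?? time();
    $header = ['alg' => 'HS256', 'typ' => 'JWT'];
    $payload = $claims + ['iat' => $now, 'exp' => $now + $ttl];
    $signingInput = base64UrlEncode(json_encode($header)) . '.' . base64UrlEncode(json_encode($payload));
    $signature = hash_hmac('sha256', $signingInput, $secret, true);
    return $signingInput . '.' . base64UrlEncode($signature);
}

// Verify structure, pinned algorithm, signature (constant-time) and expiry; return claims or null.
function verifyJwt(string $token, string $secret, ?int $now = null): ?array
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return null;
    }
    [$h, $p, $s] = $parts;
    $header = json_decode(base64UrlDecode($h), true);
    // The server decides the algorithm; the token header only has to agree with it.
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') {
        return null;
    }
    $expected = hash_hmac('sha256', "$h.$p", $secret, true);
    if (!hash_equals($expected, base64UrlDecode($s))) {
        return null;
    }
    $payload = json_decode(base64UrlDecode($p), true);
    if (!is_array($payload)) {
        return null;
    }
    $now = $now ?? time();
    if (!isset($payload['exp']) || !is_int($payload['exp']) || $payload['exp'] <= $now) {
        return null;
    }
    return $payload;
}

// Stateless path for protected API routes: Authorization: Bearer <jwt>.
function authorizeApiRequest(string $authHeader, string $route, string $secret): bool
{
    if (!str_starts_with($authHeader, 'Bearer ')) {
        return false;
    }
    $claims = verifyJwt(substr($authHeader, 7), $secret);
    return $claims !== null
        && isset($claims['role'])
        && isAuthorized((string) $claims['role'], $route);
}

// Session path for front-end routes: the role comes from the server-side session,
// which is populated at login and never from client input (assumed session layout).
function authorizeSessionRequest(array $session, string $route): bool
{
    return isset($session['user_id'], $session['role'])
        && isAuthorized((string) $session['role'], $route);
}

// Stand-alone demonstration with a constructed secret and constructed users.
$secret = 'constructed-demo-secret-replace-me';
$token = createJwt(['sub' => 42, 'role' => 'customer'], $secret);
var_dump(authorizeApiRequest("Bearer $token", '/api/orders', $secret));
var_dump(authorizeApiRequest("Bearer $token", '/admin', $secret));
var_dump(authorizeApiRequest("Bearer $token", '/does-not-exist', $secret));
var_dump(authorizeSessionRequest(['user_id' => 7, 'role' => 'internal'], '/internal'));
var_dump(authorizeSessionRequest(['user_id' => 7, 'role' => 'customer'], '/internal'));
```

Because both paths end in the same `isAuthorized()` call, the role policy lives in exactly one place, which is what makes an RBAC model auditable: adding a route without a policy entry fails closed rather than open.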