Add user authentication

chance-nelson commented 5 years ago

Add a way for users to log in to the system, and only allow authenticated users to append into the queue and skip the current song.

Preferably, utilize these technologies:

JSON Web Tokens: These serve as stateless tokens for the users to prove their identity after authentication
Mongoengine: This is an ORM for MongoDB, where we will store user credentials
bcrypt: User passwords should always be hashed and salted when stored

Endpoint

/api/auth:

GET: Users insert their credentials in the Authorization header, using basic authentication. If the credentials are correct, generate a JSON Web Token containing their username, and return it with the 200 status code. Otherwise, return 401.

Once this is implemented, alter the /stream/skip and the POST version of /stream/queue to require the JWT to be present in the Authorization header, under the bearer method.

palaparthi commented 5 years ago

I can take this up

Glyphack commented 5 years ago

Maybe it should split into two issues:

Monoengine
User authentication

chance-nelson / SnowStorm

Add user authentication #7

Endpoint