Closed TsarFox closed 3 years ago
Force push represents a rebase onto backend-babes.
Pinging @aj8uppal
Example usage:
jakob@Epsilon ~ $ curl -H "Accept: application/json" -X DELETE http://127.0.0.1:3000/api/v1/simulation/create
{"explanation":"Missing authorization token."}
jakob@Epsilon ~ $ curl -H "Accept: application/json" -X POST http://127.0.0.1:3000/api/v1/auth/login/callback
{"token":"[Long token.]"}
jakob@Epsilon ~ $ curl -H "Accept: application/json" -H "authorization: bearer [Long token.]" -X DELETE http://127.0.0.1:3000/api/v1/simulation/create
{"success":true}
Server expects JWT_SECRET in the environment. For development purposes, this can be an arbitrary string. Dealing with this in deployment will demand attention.
This adds a big pain in the rear that can be disabled by setting NODE_ENV to dev.
Also, PLEASE review this thoroughly because I've scrapped a lot of things we originally had.
When we can eventually register as a Shibboleth SP, the login callback will set a cookie with a JWT containing information about i.e. whether or not the user is an instructor. For now, /auth/login/callback is a dummy endpoint that unconditionally sets an instructor cookie. You still need to pass that cookie as an HTTP header.
Criticisms of this approach are appreciated.
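An added example, not code from this pull request: a bearer-token check for the flow in the description, written against Node's built-in crypto module and failing closed when JWT_SECRET is unset or short. The function names, the HS256 choice, the required `exp` claim, the 32-character minimum, the status codes and every message other than "Missing authorization token." are assumptions.

```javascript
const crypto = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const hmac = (secret, data) => crypto.createHmac('sha256', secret).update(data).digest();

// Issue an HS256 token, standing in for what the login callback returns.
function signToken(claims, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(claims));
  return `${head}.${body}.${b64url(hmac(secret, `${head}.${body}`))}`;
}

// Return the claims or throw. The algorithm is pinned, never taken from the token.
function verifyToken(token, secret, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [head, body, sig] = parts;
  if (JSON.parse(Buffer.from(head, 'base64url')).alg !== 'HS256') throw new Error('bad alg');
  const expected = hmac(secret, `${head}.${body}`);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  const claims = JSON.parse(Buffer.from(body, 'base64url'));
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  return claims;
}

// Decide one request from its headers and the process environment.
function authorize(headers, env) {
  // Checks are skipped only for the exact value "dev", as the description states.
  if (env.NODE_ENV === 'dev') return { status: 200, claims: null };
  const secret = env.JWT_SECRET || '';
  // Assumed policy: refuse to serve with an unset or short secret (fail closed).
  if (secret.length < 32) return { status: 500, explanation: 'Server misconfigured.' };
  const match = /^bearer (.+)$/i.exec(headers.authorization || '');
  if (!match) return { status: 401, explanation: 'Missing authorization token.' };
  try {
    return { status: 200, claims: verifyToken(match[1], secret) };
  } catch (err) {
    return { status: 401, explanation: 'Invalid authorization token.' };
  }
}

// Constructed demo values (not from the pull request).
const demoEnv = { NODE_ENV: 'production', JWT_SECRET: 'x'.repeat(32) };
const demoToken = signToken({ instructor: true, exp: Math.floor(Date.now() / 1000) + 600 }, demoEnv.JWT_SECRET);
console.log(authorize({}, demoEnv), authorize({ authorization: `bearer ${demoToken}` }, demoEnv));
```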