felixmosh / bull-board

🎯 Queue background jobs inspector
MIT License
2.32k stars 364 forks source link

Feature request: Authorize button for Req Headers Authorization Token text input #832

Open eternalee opened 1 month ago

eternalee commented 1 month ago

Feature request:

Similar to how Swagger UI Docs have an Authorize button at the top, where the user can paste in a bearer Authorization token into the request headers, is it possible to add an Authorize button to the top of Bull Board? It could popup a modal for the user to paste in a bearer token. Then if it is provided, is it possible for all the subsequent Bull Board requests to include that bearer token in the request headers? I imagine we can then use the BullBoard middleware to check permissions.

The Passport auth example is great but I think this approach would give us more granular job/request-level access validation.

Thank you!

felixmosh commented 1 month ago

Hi, I'm not sure I get your use-case, why do you need granular validation? How auth token will provide that?

eternalee commented 1 month ago

For example, different users have access to different bull jobs and the auth token may have roles stored inside

felixmosh commented 1 month ago

Ok, but this is exactly what the auth example does... Put a cookie with JWT, and in the middleware check you custom selection, no?

eternalee commented 1 month ago

Yes a cookie implementation works but I think something like how the auth token input is done in Swagger may be a bit more user-friendly, as a suggestion.

felixmosh commented 1 month ago

Swagger is an API docs app, it does make to allow adding an authorization header there.

If you have any specific flow that the board is not supports, I can check if it is relevant for it, or suggest other alternative, auth by default is not part of this lib.