Developed React Front End with Authentication Per User

laardee / serverless-authentication-boilerplate

Generic authentication boilerplate for Serverless framework

http://laardee.github.io/serverless-authentication-gh-pages

MIT License

569 stars 72 forks source link

Developed React Front End with Authentication Per User #20

Open jcummins54 opened 7 years ago

jcummins54 commented 7 years ago

I've forked the latest version of the master branch as of today (11/02/2016) and integrated with the serverless-react-boilerplate. Features are:

Writes user data to user table.
Authenticates per user so that one user cannot modify another's data.
Authenticates user before responding with auth token to prevent hacking.

Working demo here: http://sls-react-auth.s3-website-us-east-1.amazonaws.com/ (facebook login only).

See: https://github.com/jcummins54/serverless-react-boilerplate and https://github.com/jcummins54/serverless-authentication-boilerplate

Would be happy to collaborate to make this a branch here.

laardee commented 7 years ago

Yes, absolutely, I quickly went though the code and these are good changes.

I was thinking to create the users table and then I thought that maybe developers want to choose between different databases, but I guess it is good to create that table, least as an example.

jcummins54 commented 7 years ago

I've made quite a few changes to localize all environment settings into one file, so different deployments can be easily configured and tested. My latest is this branch: https://github.com/jcummins54/serverless-authentication-boilerplate/tree/react-authenticate which is set up to work with the front end React client from this branch: https://github.com/99xt/serverless-react-boilerplate/tree/react-authenticate

Changes include:

All environment variables set in authentication/env.yml
Everything pulls its settings from this file including the test suite and the test-token
Modified specs-docker.sh to remove env variables which are no longer needed there. Also, docker was looking for a .env in the root folder, so it creates a blank one and deletes it just to keep docker happy. All environment variables are loaded from authentication/env.yml

Happy to get your feedback.

laardee commented 7 years ago

@jcummins54 Nice, I'll check this later today, could you open a PR? I took a quick look to changes and those would be great additions.

jcummins54 commented 7 years ago

Sure, but take a look at line 19 on the authorizeHandler.js https://github.com/jcummins54/serverless-authentication-boilerplate/blob/react-authenticate/authentication/lib/handlers/authorizeHandler.js

It's set up to parse a method arn structured specifically like this: arn:aws:execute-api:<regionId>:<accountId>:<apiId>/<stage>/<method>/<resourcePath>/<userId>/<function>

I was thinking it would be a good idea to templatize this somehow so it can be configured in the env.yml instead of editing the code.

rogueturnip commented 6 years ago

Is there any plan to collapse these two repositories into a single code base? Even without the react part but just the other enhancements.

The other thing I'm wondering, my use case is a bit different, I don't want to authenticate users to access API endpoints but I want to do the authentication to fetch the access_token to access the APIs. As example, getting the access_token from the google authentication so I can access the google apis.

Thanks!