lane711 / sonicjs

SonicJs Headless CMS - Blazing Fast Headless CMS built on Cloudflare Workers. 100% Javascript Based
https://sonicjs.com
MIT License
923 stars 118 forks

Add Account management #188

Open lane711 opened 1 year ago

lane711 commented 1 year ago

This will expand on: #185

Add full account management:

  1. user registration endpoint
  2. roles / role mapping
  3. user login endpoint (returns token)
  4. add database tables with migrations (via drizzle)

acoreyj commented 1 year ago

Would implementing with Lucia make sense?

https://lucia-auth.com/database-adapters/cloudflare-d1

https://github.com/pilcrowOnPaper/lucia

lane711 commented 1 year ago

Yes! This looks perfect for our needs at this stage. Thank you for making us aware of this.

On Thu, Aug 17, 2023 at 5:00 PM Corey Jepperson wrote:

> Would implementing with Lucia make sense?
>
> https://lucia-auth.com/database-adapters/cloudflare-d1
>
> https://github.com/pilcrowOnPaper/lucia


chrisspiegl commented 1 year ago

I see there is an implementation in progress. Would it make sense to integrate with Zero Trust from Cloudflare for authentication purposes? Just a thought to keep things in the Cloudflare stack of possibilities?

I do see that the Lucia library also would use D1 which makes it also Cloudflare only 👍.

lane711 commented 1 year ago

thx @chrisspiegl I actually haven't looked into Zero Trust, but thanks for making me aware. I'll check it out.

chrisspiegl commented 1 year ago

I just set up Zero Trust myself for a few things and it's really fascinating how powerful it is.

As far as I understand it, it would not support any way to have people register an account for themselves… but for the type of content management Sonic is supposed to do, I believe a manual "admin adds you to the allowed users" would be perfectly fine (or give access to all email addresses ending in @your-company.com).

Zero Trust can easily be set up to completely block access to any domain (and path) on the Cloudflare network. And it has built-in auth methods which you then do not have to worry about at all.

Making it very flexible & basically a "no code" implementation for Sonic to just be behind a login system that's on Cloudflare anyways.

I am kind of excited about the possibilities & especially the possibility to have less / no code on my end when using Zero Trust 👍.

lane711 commented 1 year ago

@chrisspiegl this sounds great. So would we still store user account info in our D1 database or is that managed too? I'll have to dive into this once time permits.

chrisspiegl commented 1 year ago

@lane711 the user information is completely stored in Zero Trust and one can activate a handful of auth providers (for which you then have to have your own app registrations). Things like Facebook, Google, GitHub, etc. are supported out of the box.

The one thing I don't know at this point (because up to this point I did not care) is: if it is possible to then "relate a user login to a content piece".

But if it's just for "certain people can get access" type thing… that is definitely possible with Zero Trust.