Open mblakele opened 11 years ago
Glad to see you're working on it. I was just working on some simple user account registration code for a Roxy demo app. The user profile data is stored in Marklogic (/users/jdoe/profile.xml) and a session token is generated for logins. I haven't put any thought into the restricted views yet.
Is there any chance that I can get an early copy of your code?
Gary, see if you can integrate your profile code with the profile page in this pull request.
There is some app-level auth code in roxy today, but it is incomplete. I have some working code that I plan to clean up, unless someone is already working on this. The code breaks into these pieces:
req:rewrite
to protect pages for which login is required. I did this by adding a newprotect
element to$ROXY-ROUTES
, specifying the regex to protect and the exec privilege(s) required to access it. This is the best place to protect pages, because of the existing redirect handler andno-op.xqy
module.req:rewrite
protection, and along with the role is useful for distinguishing a logged-in user from unprivileged access.