Open starcalibre opened 9 years ago
Does "the DB" refer to mongo?
Is the above approach standard? I like this scheme but I specifically don't want to roll our own auth unless we absolutely have to.
It sounds like you've done some good research on the topic — can you add sources for each/most of the above decisions?
As above. This is how the auth will work:
User documents will be stored in the DB in the format below. We'll set these up manually for the time being.

```javascript
// Example user document; the password field holds a hash, never the plaintext.
const user = {
  userName: 'VCFG',
  password: '<some hashed password>', // placeholder for the stored hash
  screens: ['LNC-10A-SP', 'LNC-231-SP']
};
```
The user logs in and a token is saved to their PC locally. The screens array is saved in the token (tokens are hashed so they can't be edited locally). All of the routes on the server are updated such that the user sends their token whenever a GET request is made to the server. If the user isn't logged in, or doesn't have the screen they're trying to access attached to their token, the API won't serve the request.
We can set it up such that anyone can access the public dataset, but you need to log in to access the others.
With respect to securing Mongo, three things need to be done (at a minimum) once it's installed on the nectar instance.