Open pauljamescleary opened 6 years ago
This issue introduces the concept of a User. Authenticated endpoints (which include all endpoints except signup and login) will now need to be Auth'd.
All services will have to take a user. For example, if someone POSTs a new pet, we should associate the user id of the user who created it. Similarly, when someone POSTS a new order, we should save the user id on the order as well.
I am still working through the particulars of TSec, may reach out for some help.
@paulcleary @zakpatterson I wanted to give a try to TSec
so I started working on the issue. I have the implementation almost ready but I python is a no-no for me. Do you want me to leave PR without the Python part for someone who is willing to help with it ? Or nah ?
I think starting a work-in-progress PR for the TSec stuff, and just leaving off the integration testing for it is a great idea.
As an aside, I do think the python has instructive value for people that come to the project from a python background. I also think adding integration testing using http4s's client libraries would be valuable. Once integration testing is built out using http4s I think there would be a case to be made to drop the python one since maintaining both would be annoying.
I agree. It would be great for someone new to fs2 to build integration tests using the streaming http client from http4s. Although you could just run the non-streaming one which is designed specifically for testing.
I'll try to finish and polish the work-in-progress PR about TSec during the next week. Some feedback will be nice :)
Implement authentication middleware for logged in endpoints.
It appears as though TSec is the way to go here...
https://jmcardon.github.io/tsec/docs/http4s/auth-jwt.html
Need a few things here: