perfood / couch-auth

Powerful authentication for APIs and apps using CouchDB (or Cloudant) with Node >= 14
MIT License

[question] Is it possible to use without mail server? #44

Closed fredguth closed 2 years ago

fredguth commented 2 years ago

Is the mail server really necessary? If I am using a Provider, when and why will couch-auth send an email?

ErikGoH commented 2 years ago

These are the things I remember from when I was configuring the package, but you can wait for the maintainer to correct me or add anything I missed.

Disabling Email

You can disable all email completely by setting the testMode.noEmail config to true. https://github.com/perfood/couch-auth/blob/ae4206856de8f3937e84218a36cb4ddbe4de75df/config.example.js#L6-L10

You will also need to set local.requireEmailConfirm to false, but this would allow people to create fake accounts using random emails that would never be verified. If you are using it for an internal/private app, maybe this could work for you. https://github.com/perfood/couch-auth/blob/ae4206856de8f3937e84218a36cb4ddbe4de75df/config.example.js#L36-L40

Email Providers with Nodemailer

You can try to search "Nodemailer + [name of your email provider]" to see if there is anything special you have to do (configuring API keys), or if it's just a simple SMTP provider you can just use:

```js
// couch-auth config
{
  // ...
  mailer: {
    fromEmail: 'sistema@example.com',
    options: {
      host: 'smtp.some-provider-host.com',
      port: 587,
      secure: false, // you only set this to true if your provider is using port 465
      auth: {
        user: 'username',
        pass: 'password',
      },
    },
  },
  // ...
};
```

For example, I use SendGrid and I am using apiKey authentication to send my emails.

```js
import nodemailerSendgrid from 'nodemailer-sendgrid';
// ...
// couch-auth config
{
  // ...
  mailer: {
    fromEmail: 'sistema@example.com',
    transport: nodemailerSendgrid,
    options: {
      apiKey: process.env.MAILER_SENDGRID_APIKEY,
    },
  },
  // ...
};
```

When and Why will couch-auth send an email

confirmEmail

After a user registers: POST /register

forgotPassword

After a user requests a password reset link: POST /forgot-password

modifiedPassword

After a password change (I don't remember testing this one, but I assume): POST /password-change

confirmEmailChange

After a user requests to update their email (I don't remember testing this one, but I assume): POST /change-email

signupExistingEmail

When a user tries to sign up with an already registered email: POST /register, but when it fails because the email is already in use
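Added example, not part of the thread and not couch-auth code: a startup check over the settings discussed in the comment above (testMode.noEmail, local.requireEmailConfirm, and the Nodemailer SMTP options). The function name auditMailConfig and its finding codes are hypothetical, and the sample configs are constructed.

```javascript
// Added example; auditMailConfig and its finding codes are hypothetical,
// not part of couch-auth. Config keys are the ones quoted in the thread.
function auditMailConfig(config) {
  const findings = [];
  const noEmail = config?.testMode?.noEmail === true;
  const requireConfirm = config?.local?.requireEmailConfirm === true;

  // Per the comment above: with email disabled, confirmation must be off too,
  // otherwise the confirmEmail message is never delivered.
  if (noEmail && requireConfirm) findings.push('CONFIRM_REQUIRED_BUT_NO_EMAIL');

  // Without confirmation, anyone can register with an address they do not own.
  if (!requireConfirm) findings.push('UNVERIFIED_EMAILS_ACCEPTED');

  const mailer = config?.mailer;
  // Only plain SMTP options are checked; a custom transport (for example
  // nodemailer-sendgrid) handles its own connection security.
  if (!noEmail && mailer && !mailer.transport) {
    const { port, secure, requireTLS } = mailer.options ?? {};
    // Nodemailer: secure=true means implicit TLS, normally port 465.
    if (secure === true && port !== 465) findings.push('SECURE_TRUE_ON_NON_465_PORT');
    if (secure !== true && port === 465) findings.push('PORT_465_WITHOUT_SECURE');
    // With secure=false, STARTTLS is opportunistic unless requireTLS is set.
    if (secure !== true && port !== 465 && requireTLS !== true) {
      findings.push('STARTTLS_NOT_ENFORCED');
    }
  }
  return findings;
}

// Constructed sample configs mirroring the two setups in the thread.
const noMailConfig = {
  testMode: { noEmail: true },
  local: { requireEmailConfirm: false },
};
const smtpConfig = {
  local: { requireEmailConfirm: true },
  mailer: {
    fromEmail: 'sistema@example.com',
    options: { host: 'smtp.example.com', port: 587, secure: false,
      auth: { user: 'username', pass: process.env.SMTP_PASS } },
  },
};

console.log(auditMailConfig(noMailConfig));
console.log(auditMailConfig(smtpConfig));
```

Adding `requireTLS: true` to the SMTP options clears the last finding, since Nodemailer then refuses to send if the connection cannot be upgraded.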

fredguth commented 2 years ago

Thanks for the explanation. The reason I don't see any value in keeping the user email is that I will always use a third party oauth provider. In my app, phone number is a unique identifier, not email.

I am just beginning to understand couch-auth. I have used Couch before in an offline-first app and I used the 1-db-per-user strategy. It was great most of the time, but I had many troubles in two areas: 1) when the local pouchdb was empty and there were many documents to fill, taking a long time. 2) when there were shared documents between 2 users and I had to copy those documents and keep them in sync.

That is why I was looking to ditch the 1-db-per-user for a per document permission strategy where I could have only one db or 1 db per document type. I see that couch-auth already has authorization per document, but lacks documentation.