API authentication, add users to replace basic auth

plutov / formulosity

Self-hosted Surveys as Code platform.

https://formulosity.vercel.app

MIT License

181 stars 20 forks source link

API authentication, add users to replace basic auth #18

Open plutov opened 2 months ago

plutov commented 2 months ago

There are 2 types of API routes:

Private: for admins. Starts with /app
Public: for respondents. Starts with /surveys

While public one can be open, the private is better to be protected as it can be used to manage the surveys.

Proposal:

Introduce JWT-based auth for these endpoints
Frontend to retrieve the JWT token and use it for requests
That means we probably need to introduce user(s) instead of basic auth

Rathish-Rajendran commented 1 month ago

Hi plutov, I would love to implement this feature. Can you kindly elaborate on what is exactly needed with more details?

Thanks!

syfuuu commented 1 month ago

@plutov i can work on this. Please mention by username if @Rathish-Rajendran didn't pick it up.

Rathish-Rajendran commented 1 month ago

@plutov can you kindly elaborate on this feature?

plutov commented 1 month ago

Sure, there is an admin console to manage surveys and see the responses, it is already protected by simple basic http auth, but API endpoints are not. My idea is to have JWT-based authentication there.

Ibukun-tech commented 1 month ago

can I be assigned this @plutov? you want a security enhancement to the application by adding JWT-based authentication to the API endpoints.

plutov commented 1 month ago

@Ibukun-tech sure