Authentication: set actor based on Sandstorm headers

simonw commented 1 year ago

https://docs.sandstorm.io/en/latest/developing/auth/ documents the headers.

Discord conversation: https://discord.com/channels/823971286308356157/996877076982415491/1017843070097698946

simonw commented 1 year ago

These look like the relevant headers:

X-Sandstorm-Username
X-Sandstorm-User-Id ("This header is not sent at all for anonymous users.")
X-Sandstorm-Permissions
X-Sandstorm-Preferred-Handle
X-Sandstorm-User-Picture
X-Sandstorm-User-Pronouns

Everything except X-Sandstorm-Tab-Id.

simonw commented 1 year ago

I'm going to map these to keys in the "actor" dictionary like so:

X-Sandstorm-Username -> username
X-Sandstorm-User-Id -> id
X-Sandstorm-Permissions -> permissions
X-Sandstorm-Preferred-Handle -> preferred_handle
X-Sandstorm-User-Picture -> `picture'
X-Sandstorm-User-Pronouns -> pronouns

Note that username is treated specially by this Datasette function, used to show the user's logged in state in the navigation bar: https://github.com/simonw/datasette/blob/5aa359b86907d11b3ee601510775a85a90224da8/datasette/utils/__init__.py#L1036-L1040

def display_actor(actor):
    for key in ("display", "name", "username", "login", "id"):
        if actor.get(key):
            return actor[key]
    return str(actor)

simonw commented 1 year ago

X-Sandstorm-Username is percent encoded, needs to be decoded.

simonw commented 1 year ago

I'm going to turn permissions into a list - or an empty list.

simonw / datasette-sandstorm-support

Authentication: set actor based on Sandstorm headers #1