search

textileio / go-textile

[DEPRECATED] Textile is a set of tools and infrastructure for building composable apps and services on the IPFS network
https://textile.io
MIT License
357 stars 43 forks source link

Adds basic auth to REST API #899

Closed carsonfarmer closed 4 years ago

carsonfarmer commented 4 years ago

Also includes username and password handling at the cli. Fixes #894. Note this is an initial implementation, probably not the 'final' version by any means. But let's try it out and discuss. Some details:

Here's how it works from the cli:

$ textile profile
// nothing
$ textile profile --username P7blahblahhash... --password password
{
    "id": "12D3KooW...",
    "address": "P7blahblahhash...",
    "created": "2019-09-06T20:50:27.992900Z",
    "updated": "2019-09-06T20:50:27.992900Z"
}
$ export TEXTILE_USERNAME=P7blahblahhash...
$ textile profile --password password
{
    "id": "12D3KooW...",
    "address": "P7blahblahhash...",
    "created": "2019-09-06T20:50:27.992900Z",
    "updated": "2019-09-06T20:50:27.992900Z"
}
$ textile profile
// nothing
$ export TEXTILE_PASSWORD=password
$ textile profile
{
    "id": "12D3KooW...",
    "address": "P7blahblahhash...",
    "created": "2019-09-06T20:50:27.992900Z",
    "updated": "2019-09-06T20:50:27.992900Z"
}

and here's the gif showing browser support

Kapture 2019-09-06 at 14 58 55

carsonfarmer commented 4 years ago

With the docs update, the swagger docs actually show each API endpoint is 'locked', and you can 'authorize' at the top. Its a nice UX for testing things out.

carsonfarmer commented 4 years ago

Good idea @sanderpick, added. The 'hacky' (its not that bad) version I added there is needed because the Basic Auth middlewear from gin doesn't add an error message to the response body... so our tooling doesn't pick it up.

sanderpick commented 4 years ago

Sweet!