tw4l / bulk-reviewer

DEPRECATED. Replaced with Electron desktop application: https://github.com/bulk-reviewer/bulk-reviewer
GNU Affero General Public License v3.0

Add API authentication #52

Open tw4l opened 5 years ago

tw4l commented 5 years ago

See https://www.django-rest-framework.org/api-guide/authentication/ and https://www.django-rest-framework.org/api-guide/permissions/

Will require introducing user management to Vue frontend

tw4l commented 5 years ago

Separate issue for frontend user management: https://github.com/timothyryanwalsh/bulk-reviewer/issues/63

tw4l commented 5 years ago

For 0.1.0 release: add login screen and frontend logic and secure API, but handle all user management through built-in Django admin

tw4l commented 5 years ago

django-rest-auth and login/logout API endpoints for handling tokens added in commit https://github.com/timothyryanwalsh/bulk-reviewer/commit/fdcaacf0606a5eff094f40442771cfd0acf8e502

To secure API, add the following to server/server/settings.py:

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework.authentication.TokenAuthentication',
    ),
    'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework.permissions.IsAuthenticated',
    ),
}

Will require adding logic to Vue SPA to store token and authentication state, pass token with API requests. See as example:

https://blog.sqreen.io/authentication-best-practices-vue/
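
Added example, not part of the original issue or the bulk-reviewer code base: a minimal client-side token handler for the settings above. It stores the key returned by the django-rest-auth login endpoint, sends it in the `Authorization: Token <key>` form that DRF's `TokenAuthentication` expects, and drops local auth state on a 401. The `/api` prefix, the `authToken` storage key, and the names `createAuthClient` and `memoryStorage` are assumptions.

```javascript
// Added example (not bulk-reviewer code). Assumptions: django-rest-auth is mounted
// under the hypothetical prefix /api/rest-auth/; fetch and storage are injected
// so the same logic works with window.fetch/localStorage or with test doubles.
function createAuthClient({ fetchImpl, storage, base = '/api' }) {
  const KEY = 'authToken'; // hypothetical storage key
  const token = () => storage.getItem(KEY);

  async function login(username, password) {
    const res = await fetchImpl(`${base}/rest-auth/login/`, {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({ username, password }),
    });
    if (!res.ok) { storage.removeItem(KEY); return false; } // never keep a stale token
    const { key } = await res.json(); // django-rest-auth responds with {"key": "<token>"}
    storage.setItem(KEY, key);
    return true;
  }

  async function request(path, options = {}) {
    const headers = { ...(options.headers || {}) };
    // DRF TokenAuthentication expects "Authorization: Token <key>"
    if (token() !== null) headers.Authorization = `Token ${token()}`;
    const res = await fetchImpl(`${base}${path}`, { ...options, headers });
    // With IsAuthenticated as the default permission, a missing, revoked or
    // invalid token yields 401: clear local state so the UI shows the login screen.
    if (res.status === 401) storage.removeItem(KEY);
    return res;
  }

  async function logout() {
    await request('/rest-auth/logout/', { method: 'POST' }); // server deletes the token
    storage.removeItem(KEY);
  }

  return { login, request, logout, isAuthenticated: () => token() !== null };
}

// Constructed in-memory stand-in for localStorage so the example runs offline.
function memoryStorage() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => { m.set(k, String(v)); },
    removeItem: (k) => { m.delete(k); },
  };
}
```

In a browser, pass `window.fetch.bind(window)` as `fetchImpl` and `localStorage` or `sessionStorage` as `storage`.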