Open jankapunkt opened 2 years ago
@jankapunkt I'd turn it into middleware level API option, and call it http-auth
(open to suggestions on name). Would be useful if one want to use Meteor's accounts while building logic on HTTP/REST level
Yes, that's good. Do you think it's possible to do it, without breaking the current functionality of this package?
@jankapunkt do you have a setup to test such case?
Two options for API:
http-auth
as dependency in meteor-fileswdyt?
I think we make http-auth
an extra middleware package but make it remain as dependency of this package so the original functionality is untouched. Other suggestions @s-ol @menelike (mentioned you, since you both were involved in some of the former cookie issues, right)?
I have a suggestion:
I currently implement connect route authentication with
ostrio:cookies
and basically the code from this package:From what I can see, the code for authentication could completely be extracted into an own package and being reused for cookies-based auth in routes, right?
Example code could look like this:
Client
Server
What do you think about it? Also, do you have any concerns regarding security on that approach?