w3tecch / express-typescript-boilerplate

A delightful way to building a RESTful API with NodeJs & TypeScript by @w3tecch
MIT License

How does the auth work? #145

Closed humbertowoody closed 5 years ago

humbertowoody commented 5 years ago

I am using this boilerplate as it mostly fits my current project's requirements. Everything is understandable, except for the Auth part. Maybe a section in the README? Or on the Wiki that some other issue talks about? A little guidance about how auth is performed on the boilerplate out of the box would be really helpful :)

koka0012 commented 5 years ago

What haven't you understood? I can try to help you.

koka0012 commented 5 years ago

I mean, it is simple to understand how auth works. You may check the file AuthService.ts

humbertowoody commented 5 years ago

Maybe just an explanation of how it works? I can’t seem to understand how to integrate with the mock server that README.md makes reference to. Is it a Bearer token?

On 25 Jan 2019, at 14:26, Augusto Chmieleski notifications@github.com wrote:

> I mean, it is simple to understand how auth works. You may check the file AuthService.ts


koka0012 commented 5 years ago

It uses Basic Auth; it's user + password separated by ':' and encoded using base64.

koka0012 commented 5 years ago

```typescript
public parseBasicAuthFromRequest(req: express.Request): { username: string, password: string } | undefined {
  // Header value has the form "Basic <base64(username:password)>"
  const [scheme, token] = (req.header('authorization') || '').split(' ');
  if (scheme === 'Basic' && token) {
    this.log.info('Credentials provided by the client');
    const decodedBase64 = Buffer.from(token, 'base64').toString('ascii');
    // Split on the first ':' only, so passwords containing ':' stay intact
    const separator = decodedBase64.indexOf(':');
    const username = decodedBase64.slice(0, separator);
    const password = decodedBase64.slice(separator + 1);
    if (separator > 0 && password) {
      return { username, password };
    }
  }
  // No usable Basic credentials in the request
  return undefined;
}
```

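
A stricter standalone version of the parsing shown above, as an added example that is not part of the thread or the boilerplate's own code: it treats the scheme name as case-insensitive, splits on the first ':' only, and returns `undefined` for malformed input so the caller can answer 401. The names `parseBasicAuthHeader` and `BasicCredentials` are hypothetical, and it assumes the global `atob`/`btoa` (Node 16+) instead of `Buffer`.

```typescript
// Added example, not the boilerplate's AuthService: a standalone Basic parser.
export interface BasicCredentials {
  username: string;
  password: string;
}

// Parses the value of an Authorization header. Returns undefined for anything
// that is not a well-formed Basic credential.
export function parseBasicAuthHeader(header: string | undefined): BasicCredentials | undefined {
  if (!header) {
    return undefined;
  }
  // The scheme name is case-insensitive; exactly one base64 blob must follow.
  const match = /^basic +([A-Za-z0-9+/]+={0,2})$/i.exec(header.trim());
  if (!match) {
    return undefined;
  }
  let decoded: string;
  try {
    // atob rejects malformed input by throwing; treat that as "no credentials".
    decoded = atob(match[1]);
  } catch {
    return undefined;
  }
  // Only the first ':' separates the fields; the password may contain more.
  const separator = decoded.indexOf(':');
  if (separator < 1) {
    return undefined; // no colon at all, or an empty username
  }
  const username = decoded.slice(0, separator);
  const password = decoded.slice(separator + 1);
  // Like the snippet in the thread, require a non-empty password.
  if (!password) {
    return undefined;
  }
  // Reject control characters (e.g. CR/LF) so the values are safe to log.
  if (/[\x00-\x1f\x7f]/.test(username + password)) {
    return undefined;
  }
  return { username, password };
}

// Constructed sample header (not taken from the project or the thread).
const sample = 'Basic ' + btoa('alice:s3cr3t:with:colons');
console.log(parseBasicAuthHeader(sample));
```
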
humbertowoody commented 5 years ago

Now I get it! So the mock server is not necessary, right? Also, to integrate multiple auth systems, say one Team route needs JWT and User needs a Basic Auth, should it be in 2 files, or in the same file? Thank you very much for the information :)

EDIT: To be clear, how do you integrate 2 auth systems?

humbertowoody commented 5 years ago

I am closing this since it isn't really an issue, perhaps adding the information in the README about it will make it clearer for newcomers :)