yorkie-team / yorkie

Yorkie is a document store for collaborative applications.
https://yorkie.dev
Apache License 2.0

Support Basic Account Action for Admin #849

Closed krapie closed 4 weeks ago

krapie commented 3 months ago

What would you like to be added:

The AdminService currently only includes the SignUp and LogIn API endpoints. To enhance the functionality and provide basic account actions for administrators, additional actions such as SignOut and ChangePassword need to be implemented.

service AdminService {
  rpc SignUp(SignUpRequest) returns (SignUpResponse) {}
  rpc LogIn(LogInRequest) returns (LogInResponse) {}

  // Needs to be implemented.
  rpc SignOut(SignOutRequest) returns (SignOutResponse) {}
  rpc ChangePassword(SignOutRequest) returns (SignOutResponse) {}
}

Why is this needed:

Expanding the basic account actions available through the AdminService will improve the user experience and provide necessary functionality for administrative tasks.

gusah009 commented 1 month ago

Hi! I'm interested in working on this issue. Could I take on this issue?

krapie commented 1 month ago

@gusah009 Sure! Looks like this is the best issue to learn how the Golang-based server works :)

gusah009 commented 1 month ago

Hi. I've been thinking about this issue, and I don't think I need to implement the SignOut API on the server side, because I understand that Yorkie uses JWT for authentication internally, and I think the client just needs to clear the stored token when signing out. What do you think, @krapie?

krapie commented 1 month ago

@gusah009 Well, I think I misused the word Sign Out. I meant Delete Account by Sign Out, but it seems like the word is inappropriate.

gusah009 commented 1 month ago

@krapie Oh, I see, SignOut is the opposite of SignIn, I misunderstood. Can I develop with DeleteAccount instead of SignOut?

krapie commented 1 month ago

@gusah009 It's all yours :)

gusah009 commented 1 month ago

@krapie I apologize in advance for any ongoing questions

Are the DeleteAccount and ChangePassword APIs targeted at me (admin)? Since they are admin APIs, it seems like I should be able to delete or change any user (even another admin account).

The reason I ask is that if it is, I want to get the password in the request and validate it, and if not, I want to do DeleteAccount or ChangePassword without validation, trusting the admin token.

krapie commented 1 month ago

@krapie Well, all the APIs are for the admin itself. Currently there is no "user" for the admin to delete or change. So we only need to consider APIs for the admin itself.
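
The self-service case discussed above, as an added example that is not part of the thread and not Yorkie's code: because DeleteAccount and ChangePassword act only on the caller's own account, the handler ties the request to the token's subject and re-checks the current password before changing anything. `Store`, `hash`, `verify` and the error values are hypothetical, `subject` is assumed to come from an already-verified JWT, and the SHA-256 `hash` is a standard-library placeholder for a real password KDF such as bcrypt.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

var ErrForbidden = errors.New("token subject does not own this account")
var ErrBadPassword = errors.New("current password does not match")

// Store maps username to password hash (hypothetical; not Yorkie's data model).
type Store map[string][]byte

// hash is a stdlib-only placeholder; a real server needs a salted KDF such as bcrypt.
func hash(user, pw string) []byte { h := sha256.Sum256([]byte(user + "\x00" + pw)); return h[:] }

// verify ties the request to the verified token subject, then re-checks the password.
func (s Store) verify(subject, user, pw string) error {
	if subject != user {
		return ErrForbidden
	}
	if want, ok := s[user]; !ok || subtle.ConstantTimeCompare(want, hash(user, pw)) != 1 {
		return ErrBadPassword
	}
	return nil
}

func (s Store) ChangePassword(subject, user, current, next string) error {
	if err := s.verify(subject, user, current); err != nil {
		return err
	}
	s[user] = hash(user, next)
	return nil
}

func (s Store) DeleteAccount(subject, user, pw string) error {
	if err := s.verify(subject, user, pw); err != nil {
		return err
	}
	delete(s, user)
	return nil
}

func main() {
	s := Store{"admin": hash("admin", "old-pw")} // constructed sample account
	fmt.Println(s.ChangePassword("other", "admin", "old-pw", "x"), s.DeleteAccount("admin", "admin", "old-pw"))
}
```

A stolen or leftover token alone cannot change the password or delete the account here, because both calls also require the current password.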