postgrest-auth
is an authorization server for PostgREST written in Node.js.
It provides the following endpoints:
POST /auth/users # create a new user and responds with an "access_token"
BODY { username password email }
RESPONSE { access_token }
POST /auth/refresh_token # returns a new access_token
BODY { username password }
RESPONSE { access_token }
POST /auth/change_password # changes a user's password and returns a new access_token
BODY { username current_password new_password new_password_confirm reset_token }
RESPONSE { access_token }
POST /auth/change_email # changes a user's email
BODY { username password email }
RESPONSE { access_token }
POST /auth/forgot_password # emails a reset_token that can be used to change password
BODY { username }
POST /auth/forgot_username # emails the user his or her username
BODY { email }
Install postgrest-auth
:
npm i -g postgrest-auth
postgrest-auth
uses a web_anon
role for unauthenticated users and a normal_user
role for users that are authenticated.
You must specify the anonymous role in your postgrest.conf
file.
db-anon-role = "web_anon"
To invalidate unexpired or stolen tokens, postgrest-auth
uses the token count strategy.
Update your postgrest.conf
to add the auth.check_token_count()
function to the pre-request
field.
pre-request = "auth.check_token_count"
Lastly, postgrest-auth
uses a postgrest-auth.json
file to know how to connect to postgres and the email account that will send emails when users signup, forget their passwords, forget their usernames, etc. You will have to change the postgrest-auth.json
example below to work with your application configuration.
// postgrest-auth.json example
{
"app_name": "A Game of Theories", // used in email signature
"db": {
"connection": {
"host": "localhost",
"port": 5432,
"database": "postgres",
"user": "postgres",
"password": "pass"
},
"connection_string": "postgres://postgres:pass@localhost/postgres",
"pool": {
"min": 2,
"max": 10
},
"schema": "auth",
"table": "users"
},
"email": {
"from": "contact@agameoftheories.com",
"host": "mail.privateemail.com",
"port": 465,
"secure": true,
"auth": {
"user": "contact@agameoftheories.com",
"pass": "thepassword"
}
},
"payload": {
"exp": 604800,
"iss": "https://agameoftheories.com"
},
"port": 3001,
"roles": {
"anonymous": "web_anon",
"user": "normal_user"
},
"secret": "secret" // jwt secret
}
Once you have created the postgrest-auth.json
file, start the postgrest-auth
server.
postgrest-auth --config postgrest-auth.json