Connect auth to ACL system in the DB
Closed this issue · 1 comments
Create ACL Interface For mAPIServer to enable proper user permission management.
The database contains a table for ACL which will link permissions to the commands. We need to link these to the actual commands. In this repository, there should be a "database interface", which should be linked with the commands. In the future, we'll have it pass in a token which can be used to get user information such as username, etc. This will be linked as it determines what permissions are held based on the username.
So, the first thing we'll need to do is implement a form of authentication system. This should be done via the BG-UI repo. The system should have an in-memory dictionary that is used for handling tokens. The user should pass in a username and password, and a token will be returned which is stored in memory and links that token to the uname. Additionally, a token expiration system should be implemented which causes the tokens to expire after an arbitrary amount of time. This can be left in as a hard-coded amount of time for now.
Make sure to generate a very long and secure random token though.
Next, we'll need to implement a system where the user passes in the token with their post request, and it reads the token and converts it into a username which is sent with the request to NES. This will require updating the api commands behind-the-scenes to make sure that they check the account permissions before executing the command.
Another thing to make note of: the NES API server should create it's own instance of the db-interface as there are currently threading issues that we're having so passing it between threads will cause large problems. The resolution to this is currently underway, however for now, it's still a problem.
As always, please let me know if you have any questions or concerns. For now, let's put this stuff under it's own branch.