purton-tech/barricade

Extending the user model, which one to use?

afidegnum opened this issue · 7 comments

Hi,
I really love the authentication mechanism posted. I was looking to implement something secured in a similar manner.
I noticed there are 3 user models with different security implementations.
Which one is the definite model which can be extended on? i.e. adding custom bio, picture etc.?

@afidegnum Hi.

The users table is where you could add bio, picture etc.

```sql
CREATE TABLE users (
    id SERIAL PRIMARY KEY,
    email VARCHAR NOT NULL UNIQUE,
    hashed_password VARCHAR NOT NULL,
    reset_password_selector VARCHAR,
    reset_password_verifier_hash VARCHAR,
    created_at TIMESTAMP NOT NULL DEFAULT NOW(),
    updated_at TIMESTAMP NOT NULL DEFAULT NOW()
);
```

Barricade will just ignore those fields.

Does that answer your question?

Thanks, I'm immensely grateful for your prompt response,
Let me implement it and keep you updated.

Please permit me to also ask, what's the difference between actix-server/src/ auth and encrypted_auth? Which ones bypass a proxy?
My intent: I have a JavaScript front end already built, I want to be able to register and authenticate via API and use JWT authentication, maybe using session and cookies as well.
Can you please advise?

@afidegnum

So I had 2 use cases when I built this. One is for normal authentication implemented in the auth folder.

This is the one you would want to use.

encrypted_auth is my other use case where I build applications that encrypt data on the user's behalf, i.e. https://cloak.software

One last question, how do I authenticate a protected page? i.e. a user is visiting /profile, he should be redirected to login if his session is not active.

@ianpurton What do I replace JWT with in your project?

So Barricade sits in front of your application and intercepts all requests. So your /profile page is automatically protected.

In your backend you will receive an HTTP header called x-user-id which will be the user id from your users table.

You don't need to do anything else; Barricade handles the session for you.
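
One way a backend could consume the x-user-id header described above, as an added example that is not part of the thread or of Barricade's own code. It assumes the backend is reachable only through Barricade, so the header cannot be supplied directly by a client, and that ids fit the SERIAL column shown earlier; `user_id_from_headers`, `IdentityError` and `status_for` are hypothetical names.

```rust
// Added example: resolve the caller's identity from the x-user-id header
// forwarded by the proxy. Headers are plain (name, value) pairs so the
// logic does not depend on any web framework.

#[derive(Debug, PartialEq)]
pub enum IdentityError {
    Missing,   // no x-user-id header on the request
    Ambiguous, // header present more than once
    Malformed, // not a positive integer that fits users.id (SERIAL, 32-bit)
}

/// Returns the users.id value carried in x-user-id.
pub fn user_id_from_headers(headers: &[(&str, &str)]) -> Result<i32, IdentityError> {
    // HTTP header names are case-insensitive.
    let mut values = headers
        .iter()
        .filter(|(name, _)| name.eq_ignore_ascii_case("x-user-id"))
        .map(|(_, value)| value.trim());

    let value = values.next().ok_or(IdentityError::Missing)?;
    if values.next().is_some() {
        return Err(IdentityError::Ambiguous);
    }
    // Digits only: str::parse::<i32> would otherwise accept a leading '+'.
    if value.is_empty() || !value.bytes().all(|b| b.is_ascii_digit()) {
        return Err(IdentityError::Malformed);
    }
    match value.parse::<i32>() {
        Ok(id) if id > 0 => Ok(id),
        _ => Err(IdentityError::Malformed), // zero or overflow
    }
}

/// HTTP status the backend answers with (this mapping is an assumption).
pub fn status_for(result: &Result<i32, IdentityError>) -> u16 {
    match result {
        Ok(_) => 200,
        Err(IdentityError::Missing) => 401,
        Err(_) => 400,
    }
}

fn main() {
    // Constructed sample requests as the backend would see them.
    let profile = [("Host", "app.internal"), ("X-User-Id", "42")];
    let no_identity = [("Host", "app.internal")];
    for req in [&profile[..], &no_identity[..]] {
        let id = user_id_from_headers(req);
        println!("{:?} -> HTTP {}", id, status_for(&id));
    }
}
```

The returned id is what the backend would use to look up the extra profile columns (bio, picture) in the users table.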