This repository was archived by the owner on May 8, 2020. It is now read-only.

Abstract AuthService and concrete JWTAuthService #23

@lutzmor

Implement an abstract AuthService with a concrete JwtAuthService extends AuthService implementation.

This component should be split across the stack, as in the browser, HttpService should utilize a separate injectable component for authenticating requests.

For now, just implement roleless authentication; roles & permissions will be handled later in a more complex RBAC component (Yii style).

As the complexity is relatively low, also implement BasicAuthService using HTTP basic auth, mostly as a demonstration of the abstraction of the auth service.

Initial implementation thoughts:

  @Authenticate
  @Route('GET', '/something-secure')
  public getSecureThing(request: Request, response: Response): Promise<Response> {

    return Promise.all([
        this.secretStore.get(request.param('id')), // the id is read from the incoming request, not the response
        this.auth.getAuthenticated() // try to avoid getUser() as the authenticated member could be another service
      ])
      .then((res) => {
        // destructure in the same order as the Promise.all array above
        const [thing, authenticated] = res;
        // ownership check: authenticated is not the same as authorized
        if (!thing.isOwnedBy(authenticated)) {
          throw new ForbiddenException();
        }

        return response.data(thing);
      });
  }
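
A sketch of the abstraction the issue describes, added here as an example and not taken from the project's code: one abstract AuthService with a BasicAuthService and an HS256 JwtAuthService behind the same getAuthenticated() call. Principal, UnauthenticatedException, the header-string argument, the shared-secret JWT and the in-memory user map are all assumptions made for illustration.

```typescript
import { createHmac, timingSafeEqual } from "crypto";

interface Principal { id: string; } // hypothetical shape; the issue does not define it
class UnauthenticatedException extends Error {} // hypothetical name

abstract class AuthService {
  protected abstract readonly scheme: string; // "Basic" or "Bearer"
  protected abstract verify(credentials: string): Principal;
  // Takes the raw Authorization header value; returns the authenticated principal or throws.
  public getAuthenticated(authorization?: string): Principal {
    const [scheme, credentials] = (authorization ?? "").split(" ");
    if (!credentials || scheme.toLowerCase() !== this.scheme.toLowerCase()) throw new UnauthenticatedException("missing or unsupported credentials");
    return this.verify(credentials);
  }
}

// Constant-time comparison so response timing does not reveal how much matched.
function safeEqual(a: string, b: string): boolean {
  const [x, y] = [Buffer.from(a), Buffer.from(b)];
  return x.length === y.length && timingSafeEqual(x, y);
}

class BasicAuthService extends AuthService {
  protected readonly scheme = "Basic";
  private users: Map<string, string>; // constructed plaintext map for the demo; store password hashes in practice
  constructor(users: Map<string, string>) { super(); this.users = users; }
  protected verify(credentials: string): Principal {
    const decoded = Buffer.from(credentials, "base64").toString("utf8");
    const sep = decoded.indexOf(":"); // only the first ':' separates; passwords may contain ':'
    const user = decoded.slice(0, Math.max(sep, 0));
    const stored = this.users.get(user);
    // An unknown user must fail outright rather than be compared against an empty default.
    if (!user || stored === undefined || !safeEqual(stored, decoded.slice(sep + 1))) throw new UnauthenticatedException("bad credentials");
    return { id: user };
  }
}

class JwtAuthService extends AuthService {
  protected readonly scheme = "Bearer";
  private secret: string;
  constructor(secret: string) { super(); this.secret = secret; }
  protected verify(token: string): Principal {
    const parts = token.split(".");
    // HS256 is pinned here; the token's own "alg" header is never consulted.
    const expected = createHmac("sha256", this.secret).update(`${parts[0]}.${parts[1]}`).digest("base64url");
    if (parts.length !== 3 || !safeEqual(expected, parts[2])) throw new UnauthenticatedException("bad token");
    const claims = JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
    if (typeof claims.sub !== "string" || !(claims.exp > Date.now() / 1000)) throw new UnauthenticatedException("bad claims");
    return { id: claims.sub };
  }
}
```

Because both services return a Principal rather than a user, a route handler's ownership check works the same whether the caller is a person or another service.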
