Ecto and Plug.Conn utilities #11
Comments
These are great thoughts. I honestly have wondered whether it might be best to move There could be an That would be my vote.
Yeah, it does feel like there should be a separate package for the template, especially since there are a few implicit dependencies (comeonin, bcrypt_elixir). I'd be happy to work on something like this, and I have some stuff written up that I'm using in my project that I could extract.
I'll put up some new repos for these packages this afternoon and we can collaborate.
@rzane I created https://github.com/infinitered/authority_ecto. Feel free to contribute!
Regarding We're going in a little different direction with how we use Authority in our projects than what you outlined here. Instead of using plugs like My Phoenix controller might look like this:

```elixir
defmodule MyAppWeb.CMSController do
  use MyAppWeb, :controller

  action_fallback MyAppWeb.FallbackController # handles the error case

  def index(conn, _params) do
    with {:ok, pages} <- MyApp.CMS.list_pages(conn.assigns.token) do
      conn
      |> assign(:pages, pages)
      |> render("index.html")
    end
  end
end
```

Instead of using a plug or passing in a current user, we We find this has several benefits:
You can see all of this in action in Mithril, our upcoming project generator. I'll give you read access, and you can hit me up in our community Slack for help running and understanding it.
I haven't published it yet, but I'm working on the plug utilities I mentioned here. It plays quite nicely with authority, but it is completely generic.
With the release of rzane/authenticator on hex, I think we can close this down.
First, this library is fantastic. Out of the box, the `Authority.Template` pretty much just works. I really appreciate the approach taken here, because it doesn't get in my way, but also doesn't make me write literally everything from scratch.

Providing a few more conveniences could help make the experience a little smoother, and would prevent the user from having to know security best practices.

Authority.Ecto

I had to look at the project's test suite to see how my schemas should be set up in order to play nice with the template. This is an area where the documentation could probably be improved, but it would be nice to have some convenience changeset functions.

Authority.Plug

It would be nice to have a few functions for working with `Plug.Conn`. For example:

- `sign_in(conn, user)` - put the user in the session
- `sign_out(conn)` - clear the user from the session
- `plug Authority.Plug.LoadCurrentUser` - look up the user from the session or from a token in the `Authorization` header, assign `conn.assigns.current_user`
- `plug Authority.Plug.Authenticated` - ensure that the loaded user is present
- `plug Authority.Plug.Unauthenticated` - ensure that the loaded user is not present

I'm interested to get some opinions on how this stuff should be implemented. Should it be part of authority? A separate package? More ideas?
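
A sketch of the helpers proposed in the issue above, added here as an example; it is not part of the issue, Authority, or rzane/authenticator. The module name `MyAppWeb.SessionAuth` and the caller-supplied `fetch_user` and `verify_token` functions are hypothetical, and the session is assumed to be already fetched (`Plug.Session` plus `fetch_session/2`).

```elixir
defmodule MyAppWeb.SessionAuth do
  # Hypothetical module built only on Plug.Conn functions.
  import Plug.Conn

  @session_key :user_id

  # Store only the user's id. Renewing the session id at login means an id
  # that was planted before authentication is no longer valid afterwards
  # (session fixation).
  def sign_in(conn, %{id: id}) do
    conn
    |> configure_session(renew: true)
    |> put_session(@session_key, id)
  end

  # Drop the whole session instead of deleting a single key, so nothing
  # tied to the old identity survives logout.
  def sign_out(conn) do
    conn
    |> configure_session(drop: true)
    |> assign(:current_user, nil)
  end

  # Look the user up from the session first, then from a bearer token.
  # opts[:fetch_user] is id -> user | nil and opts[:verify_token] is
  # token -> {:ok, user} | :error (both are assumptions of this example).
  def load_current_user(conn, opts) do
    user =
      case get_session(conn, @session_key) do
        nil -> user_from_header(conn, Keyword.fetch!(opts, :verify_token))
        id -> Keyword.fetch!(opts, :fetch_user).(id)
      end

    assign(conn, :current_user, user)
  end

  defp user_from_header(conn, verify_token) do
    with ["Bearer " <> token] <- get_req_header(conn, "authorization"),
         {:ok, user} <- verify_token.(token) do
      user
    else
      # Missing, duplicated, or malformed header, or a rejected token.
      _ -> nil
    end
  end

  # Fail closed: anything other than a loaded user map gets a 401 and halts.
  def authenticated(%{assigns: %{current_user: %{}}} = conn, _opts), do: conn
  def authenticated(conn, _opts), do: conn |> send_resp(401, "unauthorized") |> halt()
end
```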