Haytni is a configurable authentication system for Phoenix, inspired by Devise and mix phx.gen.auth
(end) goals:
- security focused
- provides a strong and ready to use base
- non-bloatware:
  - logic is not all located in controllers
  - minimize changes on upgrades
- easily customisable and extendable:
  - enable (or disable) any plugin
  - add your own plugins to the stack
The only things you install in your project are:
- migrations
- views (you may need some custom helpers for your templates)
- templates (for emails and web pages)
If you need your own features, you write (and test) your own plugins:
- no need to change some obscure and very long code you may not understand; you just need to implement the callbacks that fit your needs
- your changes will not impact or break anything else (starting with the tests)
Important note: Haytni cannot be used in an umbrella Phoenix application.
Plugins:
- authenticable (Haytni.AuthenticablePlugin): handles hashing and storing an encrypted password in the database
- registerable (Haytni.RegisterablePlugin): the elements to create a new account or edit one's own account
- rememberable (Haytni.RememberablePlugin): provides "persistent" authentication (the "remember me" feature)
- confirmable (Haytni.ConfirmablePlugin): accounts have to be validated by email
- recoverable (Haytni.RecoverablePlugin): recovery of a forgotten password
- lockable (Haytni.LockablePlugin): automatically locks an account after a number of failed attempts to sign in
- last_seen (Haytni.LastSeenPlugin): records the last time a user signed in
- trackable (Haytni.TrackablePlugin): records users' connections (the IP addresses they used)
- invitable (Haytni.InvitablePlugin): registration on invitation or sponsorship
- password policy (Haytni.PasswordPolicyPlugin): basic validations against passwords (length and presence of a minimal set of character types)
- liveview (Haytni.LiveViewPlugin): provides authentication to channels and LiveView if the _csrf_token cookie is not available
- clearsitedata (Haytni.ClearSiteDataPlugin): sets the HTTP header Clear-Site-Data on logout (and optionally on login)
- encrypted_email (Haytni.EncryptedEmailPlugin): keeps the email in a hashed form to prevent abuse (deleting the account and then recreating it with the same address)
- anonymization (Haytni.AnonymizationPlugin): anonymizes the user's data on account deletion
- rolable (Haytni.RolablePlugin): everything (Ecto associations and management interface) you need to get roles support
Documentation can be found at https://hexdocs.pm/haytni.
Installation is described here.
BEWARE: this README (and the whole master branch) might be out of sync with hexdocs (latest release).