Protect API endpoints with token auth middleware #62
Added a settings modal. It can be opened by clicking on the cog icon on the top right. It currently only contains the logout option and (if the user is an admin) the option to copy their access token. Feel free to adjust the look and feel of these components. I also added a disclaimer to educate the user about misuse of the access token. They must acknowledge this disclaimer before they are able to copy the token. The disclaimer is a bit long, so it becomes scrollable if the max height for it is reached.

I'm not going to approve this. I don't think this is good UI / UX and adding this token does nothing beneficial for our symposium.
This is the only endpoint in the doors route that is not private, so moving it to the auth route makes its visibility less confusing.
title="Settings" | ||
content={Confirmation()} |
Is "Settings" the correct title? Also I don't think the brackets are necessary
Changed the title to "Warning". The brackets on Confirmation are necessary because content expects an Element and Confirmation is () => Element.
Now that modals are scrollable, this is not necessary.
Protects most endpoints with token auth. The only endpoints not protected are the ones required for login, where the user does not yet have an auth token.
Since endpoints now require authentication, you will need to add a Bearer Token type Authorization header if you are testing endpoints in something like Postman. To obtain a token, you can:
- use the Copy Token button while logged in as an admin (dev or prod), or
- copy the jwt cookie while logged in as an admin (dev or prod).
The token auth verifier will check for both the cookie and the bearer token, so if you are already logged in as an admin then you can access GET endpoints just by visiting their URL.
The following frontend functionality has been tested and is not broken: