-
-
Notifications
You must be signed in to change notification settings - Fork 53
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Better authentication #177
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
BREAKING CHANGE: any hosts with modified deployments of ass utilizing the auth file in its current state will need to fix their modifications.
I don't think it works
tycrek
force-pushed
the
0.14.0/better-auth
branch
from
December 7, 2022 23:00
89514a1
to
0b5b7d7
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR introduces potentially breaking changes. It is still very early in development and should only be used experimentally at this time. If you do want to give it a shot, do it in dev. If you do it in prod, backup your
auth.json
anddata.json
before switching over.Checklist
Enviroment
Description
This PR will hopefully tackle a couple issues. Whatever I get around to dealing with I'll detail below.
Better authentication
First on the list of things I need to overhaul: better auth. The current system is pretty simple and hard to build on. The new system will use modern functions and allow better integration with CLI tools, a future API, and frontends (via aforementioned API).
Completed task: format migration
There is still a lot of work to be done, but the main thing I wanted to get out of the way is complete! Upon startup, ass will automatically migrate the auth file format. It will generate a unique ID using Nano ID. Currently, it only generates a password hash for the admin user.
Admin user??
The admin user is set by default during auth migration. It is simply user 0, aka the first one generated when you originally installed ass. Frontends will be able to use the admin user for management without needing to configure their own user system.
Passwords?!
ass now supports password hashing with bcrypt. As mentioned above, the admin password will be randomly generated, so you'll have to set it on the command line with
npm run cli-setpassword ass <password here>
(replaceass
if you changed the default username).Eventually there will be a proper API for frontends to easily let their users set passwords.
Supporting Issues
Merging this PR will close #133.