Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Better authentication #177

Merged
merged 31 commits into from
Dec 25, 2022
Merged

Better authentication #177

merged 31 commits into from
Dec 25, 2022

Conversation

tycrek
Copy link
Owner

@tycrek tycrek commented Nov 30, 2022
edited

⚠️ Stop! Breaking changes ahead ⚠️

This PR introduces potentially breaking changes. It is still very early in development and should only be used experimentally at this time. If you do want to give it a shot, do it in dev. If you do it in prod, backup your auth.json and data.json before switching over.

Checklist

  • I have read the Contributing Guidelines
  • I acknowledge that any submitted code will be licensed under the ISC License
  • I confirm that submitted code is my own work
  • I have tested the code, and confirm that it works

Enviroment

  • Operating System: Win 10
  • Node version: 16.14.0
  • npm version: 8.17.0

Description

This PR will hopefully tackle a couple issues. Whatever I get around to dealing with I'll detail below.

Better authentication

First on the list of things I need to overhaul: better auth. The current system is pretty simple and hard to build on. The new system will use modern functions and allow better integration with CLI tools, a future API, and frontends (via aforementioned API).

Completed task: format migration

There is still a lot of work to be done, but the main thing I wanted to get out of the way is complete! Upon startup, ass will automatically migrate the auth file format. It will generate a unique ID using Nano ID. Currently, it only generates a password hash for the admin user.

Admin user??

The admin user is set by default during auth migration. It is simply user 0, aka the first one generated when you originally installed ass. Frontends will be able to use the admin user for management without needing to configure their own user system.

Passwords?!

ass now supports password hashing with bcrypt. As mentioned above, the admin password will be randomly generated, so you'll have to set it on the command line with npm run cli-setpassword ass <password here> (replace ass if you changed the default username).

Eventually there will be a proper API for frontends to easily let their users set passwords.

Supporting Issues

Merging this PR will close #133.

@tycrek tycrek added the enhancement New feature or request label Nov 30, 2022
@tycrek tycrek added this to the 0.14.0 milestone Nov 30, 2022
@tycrek tycrek self-assigned this Nov 30, 2022
@tycrek tycrek changed the title build: added nanoid package Better authentication Nov 30, 2022
@tycrek tycrek linked an issue Nov 30, 2022 that may be closed by this pull request
[FEATURE] Proper multi-user support #133
Closed
@tycrek tycrek marked this pull request as ready for review December 7, 2022 22:00
@tycrek
build: added nanoid package
e425425
@tycrek
build: target ES2022
20b907d
@tycrek
feat: added type definitions for auth
7b88ee9
@tycrek
feat: BREAKING: overhaul auth file format and handling (etc, expand)
1a9fad7 
BREAKING CHANGE: any hosts with modified deployments of ass utilizing the auth file in its current state will need to fix their modifications.
@tycrek
fix: use setURL instead of setUrl, package seems unmaintained
340b44a
@tycrek
chore: indicate this will become v0.14.0 eventually
499aac0
@tycrek
refactor: switch to arrays instead of Objects/maps
27aa264
@tycrek
chore: rename this to improve understanding
42a7b47
@tycrek
feat: auto-gen random unknown admin password during migration
6be768d
@tycrek
feat: added export for setting passwords
6cfd353
@tycrek
build: forgot to commit packages for bcrypt
6338628
@tycrek
feat: added CLI scripts for setting & testing hashed passwords
dc2f393
@tycrek
feat: createNewUser now accepts a password and handles hashing
2dad6f1
@tycrek
fix: put salt rounds in a constant
1887409
@tycrek
fix: auth file written before bcrypt Promise resolved
619a30d
@tycrek
feat: deprecate token in FileData, switch to uploader
76dc684
@tycrek
feat: use vars for filenames instead of direct strings
6cc0cb3
@tycrek
feat: migrate datafile (token => uploader unid)
4c40092
@tycrek
feat: try to reset user array at start of onStart*
a774ab3 
I don't think it works
@tycrek
fix: remove this method for duplicating the list (ironically correctly)
87c8e64
@tycrek
chore: hide backup files
0b5b7d7
@tycrek tycrek merged commit 9b0c726 into 0.14.0/stage Dec 25, 2022
@tycrek tycrek deleted the 0.14.0/better-auth branch December 25, 2022 00:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@tycrek tycrek

Labels
enhancement New feature or request
Projects
None yet
Milestone
0.14.0
Development

Successfully merging this pull request may close these issues.

[FEATURE] Proper multi-user support
1 participant
@tycrek