UI auth #699
Merged
UI auth #699
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
iskakaushik
reviewed
Nov 22, 2023
iskakaushik
reviewed
Nov 22, 2023
|
redirect for when password is incorrect, saying something like “invalid password, redirect to the login page”
|
serprex
force-pushed
the
ui-basic-auth
branch
from
40d6bf1 to
2fd13f4
Compare
iskakaushik
reviewed
Nov 23, 2023
serprex
force-pushed
the
ui-basic-auth
branch
from
2fd13f4 to
321cb75
Compare
serprex
force-pushed
the
ui-basic-auth
branch
from
68a2268 to
88f7bda
Compare
|
There are some UI refinements for a later PR, but this is looking good for now. LGTM! |
iskakaushik
reviewed
Nov 24, 2023
|
|
||
| import { NextResponse } from 'next/server'; | ||
|
|
||
| export default function middleware(req: NextRequest) { |
There was a problem hiding this comment.
What do you think of something like:
const router = createEdgeRouter<NextRequest, NextFetchEvent>();
router.use('/', async (request) => {
let path = request.nextUrl.pathname;
let excludedPaths = ['/api/auth/callback', '/api/auth/login'];
if (!excludedPaths.includes(path)) {
// ...
return authMiddleware(request);
} else {
return NextResponse.next();
}
});
export function middleware(request: NextRequest, event: NextFetchEvent) {
return router.run(request, event);
}
export const config = {
matcher: [
// Match everything other than static assets
'/((?!_next/static|_next/image|favicon.ico).*)',
],
};
There was a problem hiding this comment.
I'll add export const config but for now the rest seems unnecessary
iskakaushik
approved these changes
Nov 24, 2023
serprex
force-pushed
the
ui-basic-auth
branch
from
82a3cff to
82d0f87
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Implement the most primitive authentication scheme I could think of
Extending this can be done in future by introducing new supporting environment variables
If someone feels queasy about storing password in cookie, a 2nd env variable can be made,
PEERDB_PASSWORD_TOKEN, which the cookie is set to instead of the passwordOn cloud we'll want to use
pbkdf2or some other key derivation function so that we never store the password anywhere. So add aPEERDB_PASSWORD_FUNCTIONvariable & setPEERDB_PASSWORDto{algo:'SHA512',iter:999999,salt:'random',auth:'result'}& have login handler hash password accordingly. Managed service would handle setting these environment variables on customer's setup