git clone git@github.com:enspiral-dev-academy/grads.git
cd grads
npm install
npm run build
npm start
# open localhost:8000 in your favorite browser.
Authorization uses "cookies". Cookies are something delicious you eat, so it really doesn't make any sense to call things used for authentication "cookies", especially when those things behave a lot like a familiar ticket and ticket stub, as is familiar to people who have ridden a bus or gone to the movies.
first a "ticket" is created. this is a high entropy (unguessable) token.
node index.js auth.create <resource>
1d67c0e114b10dc9cc96ea9cd2966f76c42539db
in this case, <resource> should probably be an email address.
this token would be emailed to the user, embedded in a link back to the server.
http://localhost:8000/redeem/1d67c0e114b10dc9cc96ea9cd2966f76c42539db
the server creates a cookie and sends it to you in the response,
which is also a redirect to the rest of the app (though it could easily
be a redirect to edit your newly created profile)
This is exactly like tearing off the ticket and givening you back the ticket stub when you enter the theater. Possession of the ticket stub shows you are authorized to see the movie.
To can test this using curl
curl localhost:8000/redeem/1d67c0e114b10dc9cc96ea9cd2966f76c42539db -c jar -b jar -v
* Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 8000 (#0)
> GET /redeem/1d67c0e114b10dc9cc96ea9cd2966f76c42539db HTTP/1.1
> Host: localhost:8000
> User-Agent: curl/7.43.0
> Accept: */*
>
< HTTP/1.1 200 OK
* Replaced cookie cookie="437734b0886caf51a8961b1033abb392b07333c1" for domain localhost, path /, expire 1491397335
< Set-Cookie: cookie=437734b0886caf51a8961b1033abb392b07333c1;Path=/;Expires=Wed Apr 05 2017 13:02:15 GMT+1200 (NZST)FirstPartyOnly;HttpOnly;
< Location: /
< Date: Tue, 05 Apr 2016 01:02:15 GMT
< Connection: keep-alive
< Content-Length: 0
<
* Connection #0 to host localhost left intact
note that curl can be quite finnecky about using cookies
and to both write and read cookies you need to use -c jar -b jar
arguments where jar is the "cookie jar"
a grad has the following data
upload a photo, or CV, sets on profile.
just merge updates to the same key? each edit is it's own log record, and then the document is just a view on that.
simplest is to filter out updates before they go in. but if you ever needed multimaster you'd store the auth in the database, then you'd need signatures.
email someone a URL with a token in it, this adds a cookie which is authorized, and that url is now disabled.
now, that cookie has those permissions, to log in again, resend the email.
permissions are: if you are authorized as the owner of an email then you can update the record where you are marked as the owner. else
use XHR post so we can upload files directly without dealing with multipart.
map arguments to query string and command name to path. sync, async, and source should all use GET. sink can use POST.
MIT
FAQs
# running
We found that eda-grads demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.
Security News
Axios compromise traced to social engineering, showing how attacks on maintainers can bypass controls and expose the broader software supply chain.
Security News
Node.js has paused its bug bounty program after funding ended, removing payouts for vulnerability reports but keeping its security process unchanged.