This repository has been archived by the owner on Apr 7, 2022. It is now read-only.
Using HTTPS is a sure thing, but that's not enough - we need to prevent unauthorized people from calling the API.
Please think about a solution and create a PR with its implementation.
It's related to #12.
The BE controller is secured by role, for example user, manager.
Technical users are assigned to the role user. Manager users are assigned to the role manager.
The FE can call the BE with login_name and password (BCrypt) - HTTP Basic.
The DB tables are:
USER(id, login_name, password, role_id)
Role(id, name)
The password is stored as BCrypt.
Secure the BE by role. Assign a technical user to that role. In the DB, have a user table with the columns id, login_name, password, role_id. A relation to the role table. I can have multiple roles - extensibility to different functions.
Generate the password using BCrypt on the FE and verify it against user.password in the DB.
So from the FE I send login_name and the password in BCrypt. The BE should return a generated X_AUTH_TOKEN, which I can use to authenticate in subsequent requests.
Otherwise, the guys handle the whole thing in Java - Spring Boot - microservices - with a few annotations. Including Auth-Token validation and storing everything needed in the DB. Unfortunately, I don't know how in Python.
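The scheme discussed in this thread (user and role tables, an HTTP Basic login that returns an X_AUTH_TOKEN, a role check on later requests), sketched in Python as an added example that is not code from this repository or from any commenter. Assumptions: standard library only, so PBKDF2 stands in for BCrypt; the password arrives over HTTPS and is verified on the server; the `token` table, the function names and the sample accounts are constructed for illustration.

```python
import base64, hashlib, hmac, secrets, sqlite3

def hash_password(password, salt=None):
    # Stand-in for BCrypt (not in the standard library): salted PBKDF2-SHA256.
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt.hex() + "$" + digest.hex()

def verify_password(password, stored):
    salt_hex, _ = stored.split("$")
    candidate = hash_password(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, stored)  # constant-time comparison

def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE role (id INTEGER PRIMARY KEY, name TEXT UNIQUE);
        CREATE TABLE user (id INTEGER PRIMARY KEY, login_name TEXT UNIQUE,
                           password TEXT, role_id INTEGER REFERENCES role(id));
        CREATE TABLE token (value_hash TEXT PRIMARY KEY, user_id INTEGER);
    """)
    db.executemany("INSERT INTO role VALUES (?, ?)", [(1, "user"), (2, "manager")])
    db.executemany("INSERT INTO user VALUES (?, ?, ?, ?)", [  # constructed accounts
        (1, "fe-service", hash_password("s3rvice-pw"), 1),
        (2, "alice", hash_password("m4nager-pw"), 2)])
    return db

def login(db, authorization):
    """Check an HTTP Basic Authorization header; return a new X_AUTH_TOKEN or None."""
    try:
        scheme, b64 = authorization.split(" ", 1)
        name, password = base64.b64decode(b64, validate=True).decode().split(":", 1)
    except ValueError:  # malformed header, bad base64, bad UTF-8, missing colon
        return None
    row = db.execute("SELECT id, password FROM user WHERE login_name = ?",
                     (name,)).fetchone()
    if scheme.lower() != "basic" or row is None or not verify_password(password, row[1]):
        return None
    token = secrets.token_urlsafe(32)
    # Only the token's hash is stored, so a leaked table cannot be replayed.
    db.execute("INSERT INTO token VALUES (?, ?)",
               (hashlib.sha256(token.encode()).hexdigest(), row[0]))
    return token

def authorize(db, token, required_role):
    """True only if the token was issued and its user holds required_role."""
    row = db.execute(
        "SELECT r.name FROM token t JOIN user u ON u.id = t.user_id "
        "JOIN role r ON r.id = u.role_id WHERE t.value_hash = ?",
        (hashlib.sha256((token or "").encode()).hexdigest(),)).fetchone()
    return row is not None and row[0] == required_role
```
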