1 files changed, 263 insertions, 0 deletions
diff --git a/config/auth.ts b/config/auth.ts
new file mode 100644
index 0000000..28a9b8c
--- /dev/null
+++ b/config/auth.ts
@@ -0,0 +1,263 @@
+/**
+ * Config source: https://git.io/JY0mp
+ *
+ * Feel free to let us know via PR, if you find something broken in this config
+ * file.
+ */
+import { AuthConfig } from '@ioc:Adonis/Addons/Auth';
+import Env from '@ioc:Adonis/Core/Env';
+import { appKey, jwtUsePEM } from './app';
+/*
+|--------------------------------------------------------------------------
+| Authentication Mapping
+|--------------------------------------------------------------------------
+|
+| List of available authentication mapping. You must first define them
+| inside the `contracts/auth.ts` file before mentioning them here.
+|
+*/
+const authConfig: AuthConfig = {
+  guard: 'web',
+  guards: {
+    /*
+    |--------------------------------------------------------------------------
+    | Web Guard
+    |--------------------------------------------------------------------------
+    |
+    | Web guard uses classic old school sessions for authenticating users.
+    | If you are building a standard web application, it is recommended to
+    | use web guard with session driver
+    |
+    */
+    web: {
+      driver: 'session',
+      provider: {
+        /*
+        |--------------------------------------------------------------------------
+        | Driver
+        |--------------------------------------------------------------------------
+        |
+        | Name of the driver
+        |
+        */
+        driver: 'lucid',
+        /*
+        |--------------------------------------------------------------------------
+        | Identifier key
+        |--------------------------------------------------------------------------
+        |
+        | The identifier key is the unique key on the model. In most cases specifying
+        | the primary key is the right choice.
+        |
+        */
+        identifierKey: 'id',
+        /*
+        |--------------------------------------------------------------------------
+        | Uids
+        |--------------------------------------------------------------------------
+        |
+        | Uids are used to search a user against one of the mentioned columns. During
+        | login, the auth module will search the user mentioned value against one
+        | of the mentioned columns to find their user record.
+        |
+        */
+        uids: ['email'],
+        /*
+        |--------------------------------------------------------------------------
+        | Model
+        |--------------------------------------------------------------------------
+        |
+        | The model to use for fetching or finding users. The model is imported
+        | lazily since the config files are read way earlier in the lifecycle
+        | of booting the app and the models may not be in a usable state at
+        | that time.
+        |
+        */
+        model: () => import('App/Models/User'),
+      },
+    },
+    /*
+    |--------------------------------------------------------------------------
+    | OAT Guard
+    |--------------------------------------------------------------------------
+    |
+    | OAT (Opaque access tokens) guard uses database backed tokens to authenticate
+    | HTTP request. This guard DOES NOT rely on sessions or cookies and uses
+    | Authorization header value for authentication.
+    |
+    | Use this guard to authenticate mobile apps or web clients that cannot rely
+    | on cookies/sessions.
+    |
+    */
+    api: {
+      driver: 'oat',
+      /*
+      |--------------------------------------------------------------------------
+      | Tokens provider
+      |--------------------------------------------------------------------------
+      |
+      | Uses SQL database for managing tokens. Use the "database" driver, when
+      | tokens are the secondary mode of authentication.
+      | For example: The Github personal tokens
+      |
+      | The foreignKey column is used to make the relationship between the user
+      | and the token. You are free to use any column name here.
+      |
+      */
+      tokenProvider: {
+        type: 'api',
+        driver: 'database',
+        table: 'tokens',
+        foreignKey: 'user_id',
+      },
+      provider: {
+        /*
+        |--------------------------------------------------------------------------
+        | Driver
+        |--------------------------------------------------------------------------
+        |
+        | Name of the driver
+        |
+        */
+        driver: 'lucid',
+        /*
+        |--------------------------------------------------------------------------
+        | Identifier key
+        |--------------------------------------------------------------------------
+        |
+        | The identifier key is the unique key on the model. In most cases specifying
+        | the primary key is the right choice.
+        |
+        */
+        identifierKey: 'id',
+        /*
+        |--------------------------------------------------------------------------
+        | Uids
+        |--------------------------------------------------------------------------
+        |
+        | Uids are used to search a user against one of the mentioned columns. During
+        | login, the auth module will search the user mentioned value against one
+        | of the mentioned columns to find their user record.
+        |
+        */
+        uids: ['email'],
+        /*
+        |--------------------------------------------------------------------------
+        | Model
+        |--------------------------------------------------------------------------
+        |
+        | The model to use for fetching or finding users. The model is imported
+        | lazily since the config files are read way earlier in the lifecycle
+        | of booting the app and the models may not be in a usable state at
+        | that time.
+        |
+        */
+        model: () => import('App/Models/User'),
+      },
+    },
+    /*
+    |--------------------------------------------------------------------------
+    | Basic Auth Guard
+    |--------------------------------------------------------------------------
+    |
+    | Uses Basic auth to authenticate an HTTP request. There is no concept of
+    | "login" and "logout" with basic auth. You just authenticate the requests
+    | using a middleware and browser will prompt the user to enter their login
+    | details
+    |
+    */
+    basic: {
+      driver: 'basic',
+      realm: 'Login',
+      provider: {
+        /*
+        |--------------------------------------------------------------------------
+        | Driver
+        |--------------------------------------------------------------------------
+        |
+        | Name of the driver
+        |
+        */
+        driver: 'lucid',
+        /*
+        |--------------------------------------------------------------------------
+        | Identifier key
+        |--------------------------------------------------------------------------
+        |
+        | The identifier key is the unique key on the model. In most cases specifying
+        | the primary key is the right choice.
+        |
+        */
+        identifierKey: 'id',
+        /*
+        |--------------------------------------------------------------------------
+        | Uids
+        |--------------------------------------------------------------------------
+        |
+        | Uids are used to search a user against one of the mentioned columns. During
+        | login, the auth module will search the user mentioned value against one
+        | of the mentioned columns to find their user record.
+        |
+        */
+        uids: ['email'],
+        /*
+        |--------------------------------------------------------------------------
+        | Model
+        |--------------------------------------------------------------------------
+        |
+        | The model to use for fetching or finding users. The model is imported
+        | lazily since the config files are read way earlier in the lifecycle
+        | of booting the app and the models may not be in a usable state at
+        | that time.
+        |
+        */
+        model: () => import('App/Models/User'),
+      },
+    },
+    jwt: {
+      driver: 'jwt',
+      secret: jwtUsePEM ? undefined : appKey,
+      algorithmJwt: jwtUsePEM ? undefined : 'HS256',
+      publicKey: jwtUsePEM
+        ? Env.get('JWT_PUBLIC_KEY', '').replaceAll('\\n', '\n')
+        : undefined,
+      privateKey: jwtUsePEM
+        ? Env.get('JWT_PRIVATE_KEY', '').replaceAll('\\n', '\n')
+        : undefined,
+      persistJwt: true,
+      // TODO: We should improve the following implementation as this is a security concern.
+      // The following ts-expect-error is to set exp to undefined (JWT with no expiration)
+      // @ts-expect-error
+      jwtDefaultExpire: undefined,
+      refreshTokenDefaultExpire: '10d',
+      tokenProvider: {
+        driver: 'database',
+        table: 'jwt_tokens',
+        foreignKey: 'user_id',
+      },
+      provider: {
+        driver: 'lucid',
+        identifierKey: 'id',
+        uids: [],
+        model: () => import('App/Models/User'),
+      },
+    },
+  },
+};
+export default authConfig;

diff --git a/config/auth.ts b/config/auth.ts new file mode 100644 index 0000000..28a9b8c --- /dev/null +++ b/config/auth.ts
@@ -0,0 +1,263 @@
	1	/**
	2	* Config source: https://git.io/JY0mp
	3	*
	4	* Feel free to let us know via PR, if you find something broken in this config
	5	* file.
	6	*/
	7
	8	import { AuthConfig } from '@ioc:Adonis/Addons/Auth';
	9	import Env from '@ioc:Adonis/Core/Env';
	10	import { appKey, jwtUsePEM } from './app';
	11
	12	/*
	13	\|--------------------------------------------------------------------------
	14	\| Authentication Mapping
	15	\|--------------------------------------------------------------------------
	16	\|
	17	\| List of available authentication mapping. You must first define them
	18	\| inside the `contracts/auth.ts` file before mentioning them here.
	19	\|
	20	*/
	21	const authConfig: AuthConfig = {
	22	guard: 'web',
	23	guards: {
	24	/*
	25	\|--------------------------------------------------------------------------
	26	\| Web Guard
	27	\|--------------------------------------------------------------------------
	28	\|
	29	\| Web guard uses classic old school sessions for authenticating users.
	30	\| If you are building a standard web application, it is recommended to
	31	\| use web guard with session driver
	32	\|
	33	*/
	34	web: {
	35	driver: 'session',
	36
	37	provider: {
	38	/*
	39	\|--------------------------------------------------------------------------
	40	\| Driver
	41	\|--------------------------------------------------------------------------
	42	\|
	43	\| Name of the driver
	44	\|
	45	*/
	46	driver: 'lucid',
	47
	48	/*
	49	\|--------------------------------------------------------------------------
	50	\| Identifier key
	51	\|--------------------------------------------------------------------------
	52	\|
	53	\| The identifier key is the unique key on the model. In most cases specifying
	54	\| the primary key is the right choice.
	55	\|
	56	*/
	57	identifierKey: 'id',
	58
	59	/*
	60	\|--------------------------------------------------------------------------
	61	\| Uids
	62	\|--------------------------------------------------------------------------
	63	\|
	64	\| Uids are used to search a user against one of the mentioned columns. During
	65	\| login, the auth module will search the user mentioned value against one
	66	\| of the mentioned columns to find their user record.
	67	\|
	68	*/
	69	uids: ['email'],
	70
	71	/*
	72	\|--------------------------------------------------------------------------
	73	\| Model
	74	\|--------------------------------------------------------------------------
	75	\|
	76	\| The model to use for fetching or finding users. The model is imported
	77	\| lazily since the config files are read way earlier in the lifecycle
	78	\| of booting the app and the models may not be in a usable state at
	79	\| that time.
	80	\|
	81	*/
	82	model: () => import('App/Models/User'),
	83	},
	84	},
	85	/*
	86	\|--------------------------------------------------------------------------
	87	\| OAT Guard
	88	\|--------------------------------------------------------------------------
	89	\|
	90	\| OAT (Opaque access tokens) guard uses database backed tokens to authenticate
	91	\| HTTP request. This guard DOES NOT rely on sessions or cookies and uses
	92	\| Authorization header value for authentication.
	93	\|
	94	\| Use this guard to authenticate mobile apps or web clients that cannot rely
	95	\| on cookies/sessions.
	96	\|
	97	*/
	98	api: {
	99	driver: 'oat',
	100
	101	/*
	102	\|--------------------------------------------------------------------------
	103	\| Tokens provider
	104	\|--------------------------------------------------------------------------
	105	\|
	106	\| Uses SQL database for managing tokens. Use the "database" driver, when
	107	\| tokens are the secondary mode of authentication.
	108	\| For example: The Github personal tokens
	109	\|
	110	\| The foreignKey column is used to make the relationship between the user
	111	\| and the token. You are free to use any column name here.
	112	\|
	113	*/
	114	tokenProvider: {
	115	type: 'api',
	116	driver: 'database',
	117	table: 'tokens',
	118	foreignKey: 'user_id',
	119	},
	120
	121	provider: {
	122	/*
	123	\|--------------------------------------------------------------------------
	124	\| Driver
	125	\|--------------------------------------------------------------------------
	126	\|
	127	\| Name of the driver
	128	\|
	129	*/
	130	driver: 'lucid',
	131
	132	/*
	133	\|--------------------------------------------------------------------------
	134	\| Identifier key
	135	\|--------------------------------------------------------------------------
	136	\|
	137	\| The identifier key is the unique key on the model. In most cases specifying
	138	\| the primary key is the right choice.
	139	\|
	140	*/
	141	identifierKey: 'id',
	142
	143	/*
	144	\|--------------------------------------------------------------------------
	145	\| Uids
	146	\|--------------------------------------------------------------------------
	147	\|
	148	\| Uids are used to search a user against one of the mentioned columns. During
	149	\| login, the auth module will search the user mentioned value against one
	150	\| of the mentioned columns to find their user record.
	151	\|
	152	*/
	153	uids: ['email'],
	154
	155	/*
	156	\|--------------------------------------------------------------------------
	157	\| Model
	158	\|--------------------------------------------------------------------------
	159	\|
	160	\| The model to use for fetching or finding users. The model is imported
	161	\| lazily since the config files are read way earlier in the lifecycle
	162	\| of booting the app and the models may not be in a usable state at
	163	\| that time.
	164	\|
	165	*/
	166	model: () => import('App/Models/User'),
	167	},
	168	},
	169	/*
	170	\|--------------------------------------------------------------------------
	171	\| Basic Auth Guard
	172	\|--------------------------------------------------------------------------
	173	\|
	174	\| Uses Basic auth to authenticate an HTTP request. There is no concept of
	175	\| "login" and "logout" with basic auth. You just authenticate the requests
	176	\| using a middleware and browser will prompt the user to enter their login
	177	\| details
	178	\|
	179	*/
	180	basic: {
	181	driver: 'basic',
	182	realm: 'Login',
	183
	184	provider: {
	185	/*
	186	\|--------------------------------------------------------------------------
	187	\| Driver
	188	\|--------------------------------------------------------------------------
	189	\|
	190	\| Name of the driver
	191	\|
	192	*/
	193	driver: 'lucid',
	194
	195	/*
	196	\|--------------------------------------------------------------------------
	197	\| Identifier key
	198	\|--------------------------------------------------------------------------
	199	\|
	200	\| The identifier key is the unique key on the model. In most cases specifying
	201	\| the primary key is the right choice.
	202	\|
	203	*/
	204	identifierKey: 'id',
	205
	206	/*
	207	\|--------------------------------------------------------------------------
	208	\| Uids
	209	\|--------------------------------------------------------------------------
	210	\|
	211	\| Uids are used to search a user against one of the mentioned columns. During
	212	\| login, the auth module will search the user mentioned value against one
	213	\| of the mentioned columns to find their user record.
	214	\|
	215	*/
	216	uids: ['email'],
	217
	218	/*
	219	\|--------------------------------------------------------------------------
	220	\| Model
	221	\|--------------------------------------------------------------------------
	222	\|
	223	\| The model to use for fetching or finding users. The model is imported
	224	\| lazily since the config files are read way earlier in the lifecycle
	225	\| of booting the app and the models may not be in a usable state at
	226	\| that time.
	227	\|
	228	*/
	229	model: () => import('App/Models/User'),
	230	},
	231	},
	232	jwt: {
	233	driver: 'jwt',
	234	secret: jwtUsePEM ? undefined : appKey,
	235	algorithmJwt: jwtUsePEM ? undefined : 'HS256',
	236	publicKey: jwtUsePEM
	237	? Env.get('JWT_PUBLIC_KEY', '').replaceAll('\\n', '\n')
	238	: undefined,
	239	privateKey: jwtUsePEM
	240	? Env.get('JWT_PRIVATE_KEY', '').replaceAll('\\n', '\n')
	241	: undefined,
	242	persistJwt: true,
	243	// TODO: We should improve the following implementation as this is a security concern.
	244	// The following ts-expect-error is to set exp to undefined (JWT with no expiration)
	245	// @ts-expect-error
	246	jwtDefaultExpire: undefined,
	247	refreshTokenDefaultExpire: '10d',
	248	tokenProvider: {
	249	driver: 'database',
	250	table: 'jwt_tokens',
	251	foreignKey: 'user_id',
	252	},
	253	provider: {
	254	driver: 'lucid',
	255	identifierKey: 'id',
	256	uids: [],
	257	model: () => import('App/Models/User'),
	258	},
	259	},
	260	},
	261	};
	262
	263	export default authConfig;