Diffstat (limited to 'config/auth.ts')
-rw-r--r-- | config/auth.ts | 263 |
1 files changed, 263 insertions, 0 deletions
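--- /dev/null
+++ b/config/auth.ts
@@ -0,0 +1,263 @@
+/**
+* Config source: https://git.io/JY0mp
+*
+* Feel free to let us know via PR, if you find something broken in this config
+* file.
+*/
+
+import { AuthConfig } from '@ioc:Adonis/Addons/Auth';
+import Env from '@ioc:Adonis/Core/Env';
+import { appKey, jwtUsePEM } from './app';
+
+/*
+|--------------------------------------------------------------------------
+| Authentication Mapping
+|--------------------------------------------------------------------------
+|
+| List of available authentication mapping. You must first define them
+| inside the `contracts/auth.ts` file before mentioning them here.
+|
+*/
+const authConfig: AuthConfig = {
+guard: 'web',
+guards: {
+/*
+|--------------------------------------------------------------------------
+| Web Guard
+|--------------------------------------------------------------------------
+|
+| Web guard uses classic old school sessions for authenticating users.
+| If you are building a standard web application, it is recommended to
+| use web guard with session driver
+|
+*/
+web: {
+driver: 'session',
+
+provider: {
+/*
+|--------------------------------------------------------------------------
+| Driver
+|--------------------------------------------------------------------------
+|
+| Name of the driver
+|
+*/
+driver: 'lucid',
+
+/*
+|--------------------------------------------------------------------------
+| Identifier key
+|--------------------------------------------------------------------------
+|
+| The identifier key is the unique key on the model. In most cases specifying
+| the primary key is the right choice.
+|
+*/
+identifierKey: 'id',
+
+/*
+|--------------------------------------------------------------------------
+| Uids
+|--------------------------------------------------------------------------
+|
+| Uids are used to search a user against one of the mentioned columns. During
+| login, the auth module will search the user mentioned value against one
+| of the mentioned columns to find their user record.
+|
+*/
+uids: ['email'],
+
+/*
+|--------------------------------------------------------------------------
+| Model
+|--------------------------------------------------------------------------
+|
+| The model to use for fetching or finding users. The model is imported
+| lazily since the config files are read way earlier in the lifecycle
+| of booting the app and the models may not be in a usable state at
+| that time.
+|
+*/
+model: () => import('App/Models/User'),
+},
+},
+/*
+|--------------------------------------------------------------------------
+| OAT Guard
+|--------------------------------------------------------------------------
+|
+| OAT (Opaque access tokens) guard uses database backed tokens to authenticate
+| HTTP request. This guard DOES NOT rely on sessions or cookies and uses
+| Authorization header value for authentication.
+|
+| Use this guard to authenticate mobile apps or web clients that cannot rely
+| on cookies/sessions.
+|
+*/
+api: {
+driver: 'oat',
+
+/*
+|--------------------------------------------------------------------------
+| Tokens provider
+|--------------------------------------------------------------------------
+|
+| Uses SQL database for managing tokens. Use the "database" driver, when
+| tokens are the secondary mode of authentication.
+| For example: The Github personal tokens
+|
+| The foreignKey column is used to make the relationship between the user
+| and the token. You are free to use any column name here.
+|
+*/
+tokenProvider: {
+type: 'api',
+driver: 'database',
+table: 'tokens',
+foreignKey: 'user_id',
+},
+
+provider: {
+/*
+|--------------------------------------------------------------------------
+| Driver
+|--------------------------------------------------------------------------
+|
+| Name of the driver
+|
+*/
+driver: 'lucid',
+
+/*
+|--------------------------------------------------------------------------
+| Identifier key
+|--------------------------------------------------------------------------
+|
+| The identifier key is the unique key on the model. In most cases specifying
+| the primary key is the right choice.
+|
+*/
+identifierKey: 'id',
+
+/*
+|--------------------------------------------------------------------------
+| Uids
+|--------------------------------------------------------------------------
+|
+| Uids are used to search a user against one of the mentioned columns. During
+| login, the auth module will search the user mentioned value against one
+| of the mentioned columns to find their user record.
+|
+*/
+uids: ['email'],
+
+/*
+|--------------------------------------------------------------------------
+| Model
+|--------------------------------------------------------------------------
+|
+| The model to use for fetching or finding users. The model is imported
+| lazily since the config files are read way earlier in the lifecycle
+| of booting the app and the models may not be in a usable state at
+| that time.
+|
+*/
+model: () => import('App/Models/User'),
+},
+},
+/*
+|--------------------------------------------------------------------------
+| Basic Auth Guard
+|--------------------------------------------------------------------------
+|
+| Uses Basic auth to authenticate an HTTP request. There is no concept of
+| "login" and "logout" with basic auth. You just authenticate the requests
+| using a middleware and browser will prompt the user to enter their login
+| details
+|
+*/
+basic: {
+driver: 'basic',
+realm: 'Login',
+
+provider: {
+/*
+|--------------------------------------------------------------------------
+| Driver
+|--------------------------------------------------------------------------
+|
+| Name of the driver
+|
+*/
+driver: 'lucid',
+
+/*
+|--------------------------------------------------------------------------
+| Identifier key
+|--------------------------------------------------------------------------
+|
+| The identifier key is the unique key on the model. In most cases specifying
+| the primary key is the right choice.
+|
+*/
+identifierKey: 'id',
+
+/*
+|--------------------------------------------------------------------------
+| Uids
+|--------------------------------------------------------------------------
+|
+| Uids are used to search a user against one of the mentioned columns. During
+| login, the auth module will search the user mentioned value against one
+| of the mentioned columns to find their user record.
+|
+*/
+uids: ['email'],
+
+/*
+|--------------------------------------------------------------------------
+| Model
+|--------------------------------------------------------------------------
+|
+| The model to use for fetching or finding users. The model is imported
+| lazily since the config files are read way earlier in the lifecycle
+| of booting the app and the models may not be in a usable state at
+| that time.
+|
+*/
+model: () => import('App/Models/User'),
+},
+},
+jwt: {
+driver: 'jwt',
+secret: jwtUsePEM ? undefined : appKey,
+algorithmJwt: jwtUsePEM ? undefined : 'HS256',
+publicKey: jwtUsePEM
+? Env.get('JWT_PUBLIC_KEY', '').replaceAll('\\n', '\n')
+: undefined,
+privateKey: jwtUsePEM
+? Env.get('JWT_PRIVATE_KEY', '').replaceAll('\\n', '\n')
+: undefined,
+persistJwt: true,
+// TODO: We should improve the following implementation as this is a security concern.
+// The following ts-expect-error is to set exp to undefined (JWT with no expiration)
+// @ts-expect-error
+jwtDefaultExpire: undefined,
+refreshTokenDefaultExpire: '10d',
+tokenProvider: {
+driver: 'database',
+table: 'jwt_tokens',
+foreignKey: 'user_id',
+},
+provider: {
+driver: 'lucid',
+identifierKey: 'id',
+uids: [],
+model: () => import('App/Models/User'),
+},
+},
+},
+};
+
+export default authConfig;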
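Review bot: The `jwt` guard at the end of the file sets `jwtDefaultExpire: undefined` behind `@ts-expect-error`, so access tokens are issued without an `exp` claim and a leaked token stays usable until its row in `jwt_tokens` is deleted (assuming `persistJwt: true` makes the guard check that table on each request); the TODO names the concern but leaves it open. A bounded lifetime in the same duration format as the refresh token, for example `jwtDefaultExpire: '15m'` (sample value), removes the need for the suppression and gives `refreshTokenDefaultExpire: '10d'` something to refresh. In the PEM branch, `Env.get('JWT_PUBLIC_KEY', '')` and `Env.get('JWT_PRIVATE_KEY', '')` fall back to an empty string, so a missing key surfaces only when the first token is signed or verified; dropping the `''` default and failing at boot with a clear error when `jwtUsePEM` is set would be safer. In the HS256 branch `secret: appKey` reuses the application key for token signing, and a dedicated JWT secret would keep a compromise of one from affecting the other.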