Add auth #70
Comments
pwbriggs
added
todo
|
Eh, we could simplify that workflow: just refuse to start if no admin exists (or one does but the .env token is defined). We still need something for creating an actual account with the token, but it removes the need for an expensive query more often than I'd like. While some setups (cloud providers, etc.) mightn't allow interaction with a CLI, anything reasonable would at least display an error message we print on startup. |
|
So here's an idea: we create a "one-time token" credential.1 This can be used for user creations (and password resets) in general, but also to bootstrap the initial admin account. Then we can just generate a token on startup if there isn't an admin, and hopefully figure out a clean way to close down the server and politely refuse regular user traffic with some awkward error page. Footnotes
|
Implement authorization and user creation.
Libraries are different from many other systems in that accounts cannot be created by just anybody. A librarian (or admin) needs to create user accounts for the patrons. Likewise, an admin creates librarian accounts (or rather, elevates the permissions of a patron).
But then where do admins come from?
My best idea so far is to have some config (.env file?) with an initial admin password. Somewhere on the site (probably root route or login page) we do the following:
SETUP_PASSWORDentry to the config file."Problem is, the vast majority of the time will be the happy path, so how do we avoid unnecessary requests? Can we run the database query only on server startup?
It would be nice if this could just be prompted on server startup. However, some setups might not allow interaction with the command line of the deployment machine.
The text was updated successfully, but these errors were encountered: