Simple authentication (Wildcard sessions)

The idea is to allow the server to modify the context:

server.login = async function(username, password) {
  if (await invalidCredentials(username, password)) {
    return;
  }

  // `this.user` is persisted
  this.user = {
    username,
  };

  // The user is now logged-in!
};

server.getUserPosts = async function() {
  // `this.user` was set by a previous `server.login` call
  const {user} = this;

  if (!user) {
    // Not logged-in
    return;
  }

  // The user is logged-in!

  const posts = await db.getUserPosts(user);

  // ...
};

~~~ EDIT ~~~

What happens here is that Wildcard sets a first cookie with the value of this.user and a second cookie with a signature.

| Cookie Name | Cookie Value |
| --- | --- |
| wildcard_user | {"username":"brillout"} |
| wildcard-signature_user | 60a3939232aehua12031389e99d52977e1c282 |

The signature ensures that the cookie was set by the server.

Wildcard sessions can be used to easily implement any auth strategy:

// Username + password
server.login = async function(username, password) {
  // `await` requires an async function
  if (await invalidCredentials(username, password)) return;
  this.user = { username }; // Wildcard will automatically persist `this.user` by using HTTP cookies
};

// OAuth
server.oauthCallback = function(userProfile) {
  // At the end of the OAuth flow, we save the user information to the context object
  this.user = userProfile; // Wildcard will automatically persist `this.user` by using HTTP cookies
};

// Etc.

I’ve already implemented a first prototype which I’m currently using in production.

Issue Analytics

  • State:open
  • Created 3 years ago
  • Comments:12 (11 by maintainers)
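
The signature check described in the issue, as an added example that is not part of the original post and is not Wildcard's own code. It assumes an HMAC-SHA256 over the cookie name and value with a server-side secret (the page does not say how Wildcard computes its signature); `SECRET`, `sign`, `serializeContextProp`, `readContextProp` and `demo` are hypothetical names.

```javascript
// Added example: HMAC-signed session cookies (assumed scheme, not Wildcard's code).
const crypto = require('crypto');

// Hypothetical server-side secret; it must never be sent to the browser.
const SECRET = crypto.randomBytes(32);

// Sign "name=value" so a signature cannot be reused for another context key.
function sign(name, value, secret = SECRET) {
  return crypto.createHmac('sha256', secret).update(`${name}=${value}`).digest('hex');
}

// Build the two cookies described in the issue for one context property.
function serializeContextProp(name, data) {
  const value = JSON.stringify(data);
  return {
    [`wildcard_${name}`]: value,
    [`wildcard-signature_${name}`]: sign(name, value),
  };
}

// Return the parsed value only if the signature matches; otherwise undefined.
function readContextProp(name, cookies) {
  const value = cookies[`wildcard_${name}`];
  const signature = cookies[`wildcard-signature_${name}`];
  if (typeof value !== 'string' || typeof signature !== 'string') return undefined;
  const expected = Buffer.from(sign(name, value), 'hex');
  const received = Buffer.from(signature, 'hex');
  // timingSafeEqual throws on a length mismatch, so compare lengths first.
  if (received.length !== expected.length) return undefined;
  if (!crypto.timingSafeEqual(received, expected)) return undefined;
  // Parse only after verification, so unsigned input never reaches JSON.parse.
  return JSON.parse(value);
}

// Constructed demo: a genuine cookie pair, then a client-side edit of the value.
function demo() {
  const cookies = serializeContextProp('user', { username: 'brillout' });
  const genuine = readContextProp('user', cookies);
  const tampered = readContextProp('user', {
    ...cookies,
    wildcard_user: JSON.stringify({ username: 'admin' }),
  });
  return { genuine, tampered };
}

console.log(demo());
```

The value cookie is signed, not encrypted: the client can still read it, and only modification is detected.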

Top GitHub Comments

2 reactions
brillout commented, Oct 29, 2020

Wildcard Sessions only does session management; you can use it with any auth strategy:

// Username + password
server.login = async function(username, password) {
  // `await` requires an async function
  if (await invalidCredentials(username, password)) return;
  this.user = { username }; // Wildcard will automatically persist `this.user` by using HTTP cookies
};

// OAuth
server.oauthCallback = function(userProfile) {
  // At the end of the OAuth flow, we save the user information to the context object
  this.user = userProfile; // Wildcard will automatically persist `this.user` by using HTTP cookies
};

// Etc.

Instead of dealing with cookies you simply deal with reading/writing the context object.

1 reaction
michie1 commented, Oct 23, 2020

https://github.com/reframejs/wildcard-api/pull/58#issuecomment-711412477

I’m curious, you mentioned a while ago using getContext to set cookies, are you still using that approach? What do you think of #59?

I’m only using it in a small inactive pet project, but yes. Besides putting data in the context from Express, I’m also putting functions in it. It works fine. I think it’s nicer to assign those functions to the context than to the server object. If you read the code you would think the functions are provided by the library, because server is imported from the library.

I would prefer to move Wildcard sessions to its own plugin/library, because I would prefer to handle those things myself, although it’s definitely a nice idea to showcase Wildcard and have some authentication running quickly.
