Am new to feathersjs am try to do local auth in feathers while creating the service under users.class.js file where there. i don't know what to implement there so kindly guide me with this
const { Service } = require('feathers-mongoose');
exports.Users = class Users extends Service {
create(Users, email, username, password, role ) {
Users.created_at = new Date();
return super.create(Users, email, username, password, role );
}
update(id, Users, users) {
Users.updated_at = new Date();
return super.update(id, Users, users);
}
};
I’d look at the docs to learn more about services.
In Feathers, when you generate a service through the CLI, it creates three files.
service-name.class.js/.ts contains your service definition. Feathers operates everything in a CRUD fashion. So, you’ll see all the CRUD methods here. You can either define the service yourself, or use CLI to define it for you using an adaptor like Mongoose or Sequelize.
service-name.hooks.js/.ts contains all the hooks associated with this service. Feathers likes to keep your logic simple and clean, opting to do things like validation through reusable hooks instead of modifying the service logic directly. You said you wanted to add authentication to your service. This is where you would do it. In the before:[] hook section, add the authenticate(“jet”) hook your the methods you want to require authentication for.
service-name.service.js/.ts just handles service registration with the framework. Starting out, I wouldn’t mess around with this file much. It just performs some setup so the framework knows your service exists and attaches it to a specific route like /users.
Hope this helps.
Related
I am currently using 1.24.x and using LoginForm class and FauxRequest to login the remote (and create it locally if it doesn't exist) but this feature is being removed in 1.27.x so I am forced to write with a new standard using AuthManager and SessionMamager. I also will be upgrading to 1.31 as soon as LTS version of it comes out.
While reading, AuthManager and SessionManager, I just can't understand how can I authenticate external users. I also looked at the extension pluggableSSO which uses PluggableAuth but can't understand it as well.
Can someone please point me to a straightforward example of how can I authenticate a user if I have a user id and user name? and if that user doesn't exist, how can I create one and authenticate them locally?
Thanks
If someone like me who is very new to MediaWiki, there is a solution for SSO called PluggableAuth and Auth_Remoteuser.
I picked PluggableAuth which is implemented based on AuthManager and it is very easy to integrate.
All we need is to define a global variable $PluggableAuth_Class and implement the following methods in it:
public function authenticate( &$id, &$username, &$realname, &$email, &$errorMessage )
public function saveExtraAttributes( $id )
public function deauthenticate( User &$user )
More information can be found on:
PluggableAuth
Looking a bit through the feathers docs I understood that is based on services and hooks and that services have the events that also help to offer realtime sync between server and client.
As long as things are simple, as in docs I understand, basically having a service generated and then adding/saving/updating using the service methods will triggeer the event.
My scenario is a bit different:
The API endpoint does not return info from a table but complex queries based on multiple tables
I need to have background workers that do operations on the database,probably using Kue (if there's no better way inside feathers), when a worker finishes the job, I need to have a way to trigger the API service so it updates the clients with the new data.
How can I do this in feathers?
Both scenarios can be handled with Feathers like this:
Feathers services do not have to be tied to a table. You can implement a custom service just like you would in any other framework (controller). It is not uncommon to create Dashboard services that aggregates different service calls or uses service.Model to access the ORM you are using directly:
class MyService {
find(params) {
const userModel = this.app.service('users').Model;
const invoiceModel = this.app.service('invoices').Model;
return userModel.doSomething()
.then(data => invoiceModel.doSomethingElse());
}
setup(app, path) {
this.app = app;
}
}
Background workers should also be using the Feathers API (in Node this can be done by either using the application directly via const app = require('./src/app') or connecting transparently through Feathers as the client) so that all connected clients will get updates automatically. Then there should be no need to trigger events manually (which comes with caveats like having to also run your raw data through any hooks that change the data).
I am in the process of mapping an existing API (ebay REST API) to a feathers service and am trying to reason the best way to design the service. The API has multiple endpoints, each with their own GET, POST, etc:
/ebay/inventory/item
/ebay/inventory/location
/ebay/inventory/offer
/ebay/account/paymentPolicy
/ebay/account/returnPolicy
/ebay/account/fulfillmentPolicy
etc...
I would like to avoid having to create a service for each endpoint and wanted to know if its possible to have a single service, with CRUD for each endpoint. Something like below, each subdirectory would have get(), create(), etc for their corresponding endpoint:
services
ebay
inventory
item
location
...
account
...
The feathers scaffolding creates the following, so it seems like all I would need to do is add additional app.use('/ebay/inventory/xxx'). to the base ebay service. Does this look like a good way to go about this? If so, how does one add multiple endpoints to a single service?
...
module.exports = function(){
const app = this;
// Initialize our service with any options it requires
app.use('/ebay/inventory', new Service());
// Get our initialize service to that we can bind hooks
const ebayService = app.service('/ebay/inventory');
...
module.exports.Service = Service
In Express, it's very easy to block access to all routes starting, say, with the /admin prefix, simply by adding a middleware to that path before adding handlers for any specific endpoints under that path.
In Feathers, it looks like we have to create some common hook modules and add them to every service we created, individually. Same goes for event filters.
I find the thought of forgetting to add an authentication hook or event filter scary, because I wouldn't notice the mistake unless I reviewed all service initialization code or got hacked. In that sense, an Express middleware with some sort of white-listing I can easily implement for exceptional endpoints gives me much more peace of mind.
Is it possible to do something like that in Feathers?
(P.S.: I just noticed I had protected my app's REST API, but had forgotten to protect all real-time events).
As of v1.6.0 feathers-hooks supports application hooks that run on all services via app.hooks:
app.hooks({
before(hook) {
console.log('Global before hook');
},
after(hook) {
console.log('Global after hook');
},
error(hook) {
console.error(`Error in ${hook.path} method ${hook.method}`, hook.error.stack);
}
});
For more examples see this blog post about error and application hooks.
As for the real-time events, channels are used which provide a safe way to send events only to the clients that should see them.
I want a Node.js service to authenticate the user of my website. How can I do this?
I want to implement Everyauth authentication using the simple password method, not OpenID.
I tried https://github.com/jimpick/everyauth-example-password and it works.
I want to use the database to store. This script does not use a database. I have used MySQL in past so I prefer that but I am ok with anything else as well such as MongoDB.
I just want to add database to my script. Please help.
You only need to modify .authenticate method. Since connecting to database is (or should be) an asynchronous operation, then you need to add promise object (see everyauth documentation).
Assuming you have some ORM with user data corresponding to user object with username and password attributes (in my example I'll use mongoose engine), this is how it may look:
.authenticate( function (login, password) {
var promise = this.Promise(); /* setup promise object */
/* asynchrnously connect to DB and retrieve the data for authentication */
db.find({ username:login }, function(err, user) {
if (err)
return promise.fulfill([err]);
if ((!user) || (user.password != password))
return promise.fulfill(['Incorrect username or password!']);
promise.fulfill(user);
});
return promise; /* return promise object */
})
I didn't test it, but according to the documentation it should work. Remember that errors are supposed to be held in array.
By the way: if you are using only the password method, then there is no need to, you know, use a cannon against a fly. :) Writing your own (not necessarly perfect, but working) authentication mechanism is really simple and if you don't know how to do this you should learn it. It will benefit in the future, because authentication and security in general are very important in every web app.