These are chat archives for waterlock/waterlock

10th
Sep 2015
Mike DeVita
@mikedevita
Sep 10 2015 16:22
@ryd0rz right now waterlock uses sessions and a jwt is issued by calling /user/jwt. you can see the Requesting Tokens section in the docs.
Mike DeVita
@mikedevita
Sep 10 2015 16:30
Personally I think that when a user logins in, they should get back a token automatically..
and sessions should be an optional thing. /shrug
ryd0rz
@ryd0rz
Sep 10 2015 16:57
Ah, ok thanks for that vote of confidence. @mikedevita
Kris Williams
@kriswill
Sep 10 2015 23:03
@mikedevita it has to do with sails.js hard-wiring session into many of their mainline routines.
ryd0rz
@ryd0rz
Sep 10 2015 23:17
i've forked and updated /user/jwt to return user if you supply access_token header
so just set config: { login: { success: 'jwt' }} - so it returns the token, then just include the token in your /user/jwt, and it will return user associated with token.
This is not merged though
Mike DeVita
@mikedevita
Sep 10 2015 23:19
ah that makes sense
so youre changing up whats called when login is successful
ryd0rz
@ryd0rz
Sep 10 2015 23:19
well, I haven't changed /auth/login
when you set the login success to 'jwt', default behavior is to return token.
Mike DeVita
@mikedevita
Sep 10 2015 23:20
right but youre changing the config to say run jwt on success
ryd0rz
@ryd0rz
Sep 10 2015 23:20
yeah true
Mike DeVita
@mikedevita
Sep 10 2015 23:20
interesting
ryd0rz
@ryd0rz
Sep 10 2015 23:20
I was gonna change that too, but once i got in the code I saw a comment or something saying how to do that
Mike DeVita
@mikedevita
Sep 10 2015 23:21
i wonder, is there plan to do authorizations in waterlock?
like sails-permissions
ryd0rz
@ryd0rz
Sep 10 2015 23:21
well, i'm doing auth via simple jwt... i may build a waterlock-app-auth module
since auth is just modularized
so you can use secret keys
Mike DeVita
@mikedevita
Sep 10 2015 23:22
i mean roles and such
in the past ive used JWT for simple stuff
authentication with user/pass, and provide a JWT.. then thats passed back and forth..
ryd0rz
@ryd0rz
Sep 10 2015 23:23
yeah, that'd be nice for user
Mike DeVita
@mikedevita
Sep 10 2015 23:23
and right now, i have like an AdminPolicy which checks the accesslevel from the User model
but its hard coded
ryd0rz
@ryd0rz
Sep 10 2015 23:23
kind of like how .net does it, would be nice...
Mike DeVita
@mikedevita
Sep 10 2015 23:23
and i use policies.js to control it.
so UserController -> find has the AdminPolicy..
etc
but that seems. .. clumsy a bit
ryd0rz
@ryd0rz
Sep 10 2015 23:24
Ah, nice, i'm not there yet, but nice.
Mike DeVita
@mikedevita
Sep 10 2015 23:24
i like how Sails-permissions does it.
ryd0rz
@ryd0rz
Sep 10 2015 23:24
I wasn't aware waterlock didn't have it
Mike DeVita
@mikedevita
Sep 10 2015 23:24
you have a Role model, and a RolePolicy... you define roles in the db for models and routes..
and associate those roles to users.
ryd0rz
@ryd0rz
Sep 10 2015 23:24
so similiar to .net, cool
Mike DeVita
@mikedevita
Sep 10 2015 23:24
the RolePolicy does the lookup and logic.
similar to like oauth and facebook... where apps have to have certain privileges...
ryd0rz
@ryd0rz
Sep 10 2015 23:25
yeah. i see...
Mike DeVita
@mikedevita
Sep 10 2015 23:26
i thought about writing a custom example of this thats similar to sails-permissions and waterlock but doesnt use sessions..
ryd0rz
@ryd0rz
Sep 10 2015 23:26
I may use your method of coding in policies.js when I get there, thanks for that :)
that'd be awesome
Mike DeVita
@mikedevita
Sep 10 2015 23:28
ill be back after a bit
ryd0rz
@ryd0rz
Sep 10 2015 23:29
k thanks, ttyl