78 lines
3.0 KiB
Org Mode
78 lines
3.0 KiB
Org Mode
#+title: Auth Notes
|
|
* starting the pocketbase as framework
|
|
https://pocketbase.io/docs/go-overview/
|
|
* plan
|
|
** DONE start pocketbase
|
|
** DONE add middlewares for cookie session
|
|
** DONE add index page, that will have either "current user" or 'login' link
|
|
*** DONE let's add some content that only opens up when person is authed
|
|
*** DONE also, how do i logout?
|
|
separate route that deleted the cookie i guess.
|
|
since auth is a jwt which would expire on its own
|
|
and htmx get thingy, and reload i guess?
|
|
** DONE 'login' link should open dialog with oauth providers
|
|
so, i want a window with available oauth providers,
|
|
to trigger the js code from example
|
|
https://pocketbase.io/docs/authentication/
|
|
( all in one, recommended )
|
|
|
|
let's get configured providers in the go code,
|
|
add as slice of strings, and in template create buttons for each of those
|
|
with js code from the example
|
|
*** DONE in template range over enabled providers to create buttons for each
|
|
*** DONE make dialog show on click of some element
|
|
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/dialog
|
|
** DONE i guess i would also like to send htmx event for reloading the page
|
|
on successful auth?
|
|
now, why would logout work, and login not work?
|
|
|
|
eh, let's go back on body doing the hx-get on event?
|
|
|
|
maybe this is because of open dialog
|
|
*** wait, maybe then returning from other auth middlewares will work
|
|
no.
|
|
for some reason
|
|
#+begin_src go
|
|
e.HttpContext.Response().Header().Add("HX-Trigger", "auth-change-event")
|
|
#+end_src
|
|
|
|
this header when returned with response to request triggered by js, doesn't result in event being triggered,
|
|
ok, i guess
|
|
*** so yeah, uglier that i wanted
|
|
wanted to have hx-get="/" hx-trigger="auth-change-event"
|
|
and send these events from all auth middleware methods
|
|
|
|
https://htmx.org/docs/#response-headers
|
|
|
|
but on auth success, even though header is present in the response, no event is triggered
|
|
( checked with event listener in console )
|
|
so, yup. coupling between js code of oauth, middlewares and body tag. this seems like too much.
|
|
|
|
but it somewhat works
|
|
|
|
** DONE add one more page that checks auth
|
|
and let's use existing middleware from framework documentation
|
|
|
|
with hx-boost things are well,
|
|
but i also need header as fragment, so that opening in new tab would work.
|
|
and all js imports and libraries that are required by all pages, should be in all templates
|
|
|
|
** DONE i suppose there has to be a base template then
|
|
and now all since base template has Nav,
|
|
i need to provide attibutes which are used there, huh
|
|
well. hmmmmm. yeah, i guess
|
|
** TODO add tailwind styling
|
|
** TODO package static into single binary
|
|
i guess already done?
|
|
** TODO write nix build
|
|
** TODO write nixos module
|
|
** TODO add docker image from nix
|
|
*** TODO add cli for port and host
|
|
** TODO add readme and comments
|
|
** TODO configure tls / ssl / https on franzk deployment
|
|
can it be configured on render.com?
|
|
** TODO maybe add middleware so that 401 would be a page, and not json
|
|
** TODO i guess i'll want a makefile?
|
|
then wgo could be build with makefile and run
|
|
and nix packaging could be more straightforward, and not too prohibitive to those who don't use nix
|