194 lines
8.1 KiB
Org Mode
194 lines
8.1 KiB
Org Mode
#+title: Auth Notes
|
|
* starting the pocketbase as framework
|
|
https://pocketbase.io/docs/go-overview/
|
|
* plan
|
|
** DONE start pocketbase
|
|
** DONE add middlewares for cookie session
|
|
** DONE add index page, that will have either "current user" or 'login' link
|
|
*** DONE let's add some content that only opens up when person is authed
|
|
*** DONE also, how do i logout?
|
|
separate route that deleted the cookie i guess.
|
|
since auth is a jwt which would expire on its own
|
|
and htmx get thingy, and reload i guess?
|
|
** DONE 'login' link should open dialog with oauth providers
|
|
so, i want a window with available oauth providers,
|
|
to trigger the js code from example
|
|
https://pocketbase.io/docs/authentication/
|
|
( all in one, recommended )
|
|
|
|
let's get configured providers in the go code,
|
|
add as slice of strings, and in template create buttons for each of those
|
|
with js code from the example
|
|
*** DONE in template range over enabled providers to create buttons for each
|
|
*** DONE make dialog show on click of some element
|
|
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/dialog
|
|
** DONE i guess i would also like to send htmx event for reloading the page
|
|
on successful auth?
|
|
now, why would logout work, and login not work?
|
|
|
|
eh, let's go back on body doing the hx-get on event?
|
|
|
|
maybe this is because of open dialog
|
|
*** wait, maybe then returning from other auth middlewares will work
|
|
no.
|
|
for some reason
|
|
#+begin_src go
|
|
e.HttpContext.Response().Header().Add("HX-Trigger", "auth-change-event")
|
|
#+end_src
|
|
|
|
this header when returned with response to request triggered by js, doesn't result in event being triggered,
|
|
ok, i guess
|
|
*** so yeah, uglier that i wanted
|
|
wanted to have hx-get="/" hx-trigger="auth-change-event"
|
|
and send these events from all auth middleware methods
|
|
|
|
https://htmx.org/docs/#response-headers
|
|
|
|
but on auth success, even though header is present in the response, no event is triggered
|
|
( checked with event listener in console )
|
|
so, yup. coupling between js code of oauth, middlewares and body tag. this seems like too much.
|
|
|
|
but it somewhat works
|
|
|
|
** DONE add one more page that checks auth
|
|
and let's use existing middleware from framework documentation
|
|
|
|
with hx-boost things are well,
|
|
but i also need header as fragment, so that opening in new tab would work.
|
|
and all js imports and libraries that are required by all pages, should be in all templates
|
|
|
|
** DONE i suppose there has to be a base template then
|
|
and now all since base template has Nav,
|
|
i need to provide attibutes which are used there, huh
|
|
well. hmmmmm. yeah, i guess
|
|
** DONE add tailwind styling
|
|
and wgo command should move from
|
|
wgo -file=.gohtml -file=.go go run . serve
|
|
|
|
to
|
|
wgo -verbose -file=.go -file=.gohtml -file=tailwind.config.js tailwindcss -i ./pages/input.css -o pages/static/public/out.css :: go run . serve
|
|
*** DONE style pages
|
|
*** DONE style dialog
|
|
|
|
** DONE i guess i'll want a makefile?
|
|
then wgo could be build with makefile and run
|
|
and nix packaging could be more straightforward, and not too prohibitive to those who don't use nix
|
|
*** it seems that with MakeFile i could have go code depend on tailwind output
|
|
and not have other way around,
|
|
it should speed up the restart of the service in cases where only go code has changed.
|
|
|
|
also - i think i can have different build and run for go code, so yeah
|
|
*** allright, it looks like people also do that
|
|
https://www.alexedwards.net/blog/a-time-saving-makefile-for-your-go-projects
|
|
*** some helpful things:
|
|
https://makefiletutorial.com/
|
|
|
|
example of things for go
|
|
https://earthly.dev/blog/golang-makefile/
|
|
https://www.alexedwards.net/blog/a-time-saving-makefile-for-your-go-projects
|
|
and i guess i could also search online for tailwindcss Makefile examples and tips
|
|
|
|
** DONE package static into single binary
|
|
i guess already done?
|
|
** DONE write nix build
|
|
and it should be even easier with a Makefile?
|
|
|
|
https://ryantm.github.io/nixpkgs/stdenv/stdenv/
|
|
|
|
simple stdenv.mkDerivation calls generic builder which uses Makefile
|
|
|
|
now i have a problem with using go build in a homeless-shelter
|
|
> failed to initialize build cache at /homeless-shelter/.cache/go-build: mkdir /homeless-shelter: permission denied
|
|
*** well, especially with go.mod dependencies i'd need to use buildGoModule
|
|
but
|
|
[efim@chunky:~/Documents/personal/go-learning/auth-pocketbase-attempt]$ ./result/bin/auth-pocketbase-attempt serve
|
|
2023/10/07 04:05:56 mkdir result/bin/pb_data: read-only file system
|
|
|
|
so, i need to pass some place in tmp? this is probably pocketbase settings, hopefully as command line argument
|
|
|
|
https://nixos.org/manual/nixpkgs/stable/#sec-language-go
|
|
https://nixos.wiki/wiki/Go
|
|
|
|
so, if i call executable from somewhere, it looks for pb_data in current directory
|
|
|
|
but then for some reason
|
|
[efim@chunky:~/Documents/personal/go-learning/auth-pocketbase-attempt]$ ./result/bin/auth-pocketbase-attempt serve
|
|
2023/10/08 06:37:19 mkdir result/bin/pb_data: read-only file system
|
|
|
|
here it tries to init pb_data near the binary
|
|
|
|
this works:
|
|
[efim@chunky:~/Documents/personal/go-learning/auth-pocketbase-attempt]$ ./result/bin/auth-pocketbase-attempt serve --dir=./pb_data
|
|
|
|
*** oh, i don't need to specify location of migrations.
|
|
because they are static. and should be just present in the nix store
|
|
|
|
and --dir is already built in. nice
|
|
|
|
well, i don't see any pb_migrations in my project directory even though,
|
|
i'm creating and updating the table
|
|
maybe it's all in pb_data now?
|
|
|
|
if now - i'll need to add something like
|
|
#+begin_src nix
|
|
postBuild = ''
|
|
cp pb_migration $out/bin/pb_migration
|
|
'';
|
|
#+end_src
|
|
|
|
*** so, if using as framework migrations are not automatically enabled?
|
|
https://github.com/pocketbase/pocketbase/discussions/2218
|
|
|
|
https://pocketbase.io/docs/go-migrations/#enable-go-migrations
|
|
The prebuilt executable enables the migrate command by default, but when you are extending PocketBase with Go you have to enable it manually
|
|
*** now `nix build` produces the binary capable to run the site
|
|
and
|
|
#+begin_src bash
|
|
./result/bin/auth-pocketbase-attempt serve --dir=./pb_data
|
|
#+end_src
|
|
is what i need for it to pick up pb_data from work directory, cool
|
|
|
|
** TODO write nixos module
|
|
need to pass data and migration location as params
|
|
and address on which to serve, cool
|
|
i suppose
|
|
but also nginx settins at the same time
|
|
*** this is behavior of specifying the host and port:
|
|
[efim@chunky:~/Documents/personal/go-learning/auth-pocketbase-attempt]$ sudo ./result/bin/auth-pocketbase-attempt serve --https=127.0.0.1:8090 --dir=./pb_data
|
|
2023/10/08 12:58:04 Server started at https://127.0.0.1:8090
|
|
├─ REST API: https://127.0.0.1:8090/api/
|
|
└─ Admin UI: https://127.0.0.1:8090/_/
|
|
^C
|
|
[efim@chunky:~/Documents/personal/go-learning/auth-pocketbase-attempt]$ sudo ./result/bin/auth-pocketbase-attempt serve 127.0.0.1:8090 --dir=./pb_data
|
|
2023/10/08 12:58:15 Server started at https://127.0.0.1:8090
|
|
├─ REST API: https://127.0.0.1:8090/api/
|
|
└─ Admin UI: https://127.0.0.1:8090/_/
|
|
^C
|
|
[efim@chunky:~/Documents/personal/go-learning/auth-pocketbase-attempt]$ sudo ./result/bin/auth-pocketbase-attempt serve --http=127.0.0.1:8090 --dir=./pb_data
|
|
2023/10/08 12:58:20 Server started at http://127.0.0.1:8090
|
|
├─ REST API: http://127.0.0.1:8090/api/
|
|
└─ Admin UI: http://127.0.0.1:8090/_/
|
|
*** by default - if host is present, serving on https.
|
|
cool
|
|
|
|
oh, but if i'm using nginx i'll need my own certificate, that makes sence
|
|
*** maybe things are ok?
|
|
let's try to plaintext deploy?
|
|
|
|
|
|
** TODO add docker image from nix
|
|
*** TODO add cli for port and host
|
|
** TODO add readme and comments
|
|
** TODO configure tls / ssl / https on franzk deployment
|
|
can it be configured on render.com?
|
|
** TODO maybe add middleware so that 401 would be a page, and not json
|
|
** TODO get icons for the auth providers. surely they are accessible from the pocketbase itself?
|
|
http://localhost:8090/_/images/oauth2/apple.svg
|
|
yes.
|
|
** TODO figure out and enbale migrations
|
|
https://pocketbase.io/docs/go-migrations/#enable-go-migrations
|
|
|
|
if i understood correctly, when i enable migration generation
|
|
i would be able to modify locally run instance via admin interface,
|
|
go files with migration would be generated, i'll have to import them somewhere in my main module, and then after building/packaging when i run `serve` on production the migrations would run on the production data
|