README
¶
Postgrest-auth
This project is inspired of postgrest-auth. But it's writting in golang, it's actively maintained, and email are using the hermes library to be prettier.
The goal of this project is to provide the whole authentication features for a postgrest-prowered API. It must be deployed alongside your API and share the same jwt secret with your postgrest instance.
Installation
Using docker:
docker run -p 3001:3001 \
-e POSTGREST_AUTH_DB_CONNECTIONSTRING=postgres://user:pass@localhost/db \
-e POSTGREST_AUTH_EMAIL_AUTH_PASS=pass \
[...]
alexandrevilain/postgrest-auth
API
Sign in
POST /signin
curl -X POST http://localhost:3001/signin \
-H 'Content-Type: application/json' \
-d '{ "email": "myemail@me.com", "password": "password" }'
Sign up
POST /signup
curl -X POST http://localhost:3001/signup \
-H 'Content-Type: application/json' \
-d '{ "email": "myemail@me.com", "password": "password" }'
Confirm email address
GET /confirm/{id}?token={token}
Ask for password reset
POST /reset
curl -X POST http://localhost:3001/reset \
-H 'Content-Type: application/json' \
-d '{ "email": "myemail@me.com" }'
Reset password
POST /reset/:token
curl -X POST http://localhost:3001/reset/{token} \
-H 'Content-Type: application/json' \
-d '{ "password": "mynewpassword" }'
Google Sign in
POST /provider/google
curl -X POST \
http://localhost:3001/provider/google \
-H 'Content-Type: application/json' \
-d '{
"token": "<google access token>",
"state":"<state defined in config>"
}'
Facebook Sign in
POST /provider/facebook
curl -X POST \
http://localhost:3001/provider/facebook \
-H 'Content-Type: application/json' \
-d '{
"token": "<facebook access token>",
"state":"<state defined in config>"
}'
Configuration
Many environment variables are availables to custom your postgrest-auth instance:
| Name | Description | Default |
|---|---|---|
| POSTGREST_AUTH_API_PORT | The listening port of the service | 3001 |
| POSTGREST_AUTH_API_TOKEN | The secret used to create the reset password token | supersecret |
| POSTGREST_AUTH_LINKS_RESET | The reset password link sent by email ("%v" will be replaced with the token) | http://localhost/reset/%v |
| POSTGREST_AUTH_LINKS_CONFIRM | The confirm account link sent by email (The first %v will be replaced by the user's id and the second %v will be replaced by the confirm token ) | http://localhost/confirm/%v?token=%v |
| POSTGREST_AUTH_JWT_EXP | The token expiration (in hours) | X |
| POSTGREST_AUTH_JWT_SECRET | The shared secret with postgrest | X |
| POSTGREST_AUTH_DB_CONNECTIONSTRING | Your dd connection string | X |
| POSTGREST_AUTH_DB_ROLES_ANONYMOUS | The role for anonymous users | X |
| POSTGREST_AUTH_DB_ROLES_USER | The role when users are authenticated | X |
| POSTGREST_AUTH_APP_NAME | The application's name where postgrest-auth is installed (your band name) | X |
| POSTGREST_AUTH_APP_LINK | Your appplication's website | X |
| POSTGREST_AUTH_APP_LOGO | Your application's logo | X |
| POSTGREST_AUTH_EMAIL_FROM | X | |
| POSTGREST_AUTH_EMAIL_HOST | X | |
| POSTGREST_AUTH_EMAIL_PORT | X | |
| POSTGREST_AUTH_EMAIL_AUTH_USER | X | |
| POSTGREST_AUTH_EMAIL_AUTH_PASS | X | |
| POSTGREST_AUTH_API_ALLOWEDDOMAINS | The list of allowed email domains for signup (comma-separated) | X |
| POSTGREST_AUTH_OAUTH2_STATE | Same state that you defined whene retrieving your access token | random-state |
Integration with postgreSQL
This service automatically creates a schema named "auth" and roles defined used environment variables.
It provides you an helper fonction auth.current_user_id() that you can for instance use in your POLICES:
CREATE POLICY questions_update ON questions FOR UPDATE
USING (user_id = auth.current_user_id())
WITH CHECK (user_id = auth.current_user_id());
TODO
- Unit tests
Contributing
Feel free to send PRs!
Directories