Either a simple user/password and token auth service that works with FastAPI or a finished open-source product that does the same and can be easily deployed (via Docker?)
Implement a simple username/password authentication endpoint in the API, which will return bearer tokens (length of validity can be configured on a per-user basis, so the logistics service can have longer-lasting tokens -> fewer authentication calls needed)
The FastAPI docs include a guide on how to include this, with hashing, salting, automatic token generation and verification, as well as configurable token time-outs.
The user database will be a local JSON file (since not many users will be required); changes will be applied via a Python CLI.
It would probably be wise to offer a way to pre-hash passwords for the future users, since the CLI will not be publicly accessible, and no one should manually enter all the actual passwords. A simple static JavaScript page (or API function) that gets a password and returns a salt + hash(password:salt) would be enough.
Integration with the front-end will be pretty straightforward, no special libraries will be required.
Authentication integrated into the API with commit 9d9dbe70.
A way to pre-hash passwords before using the CLI would still be nice, but since there will not be many users, this is not a priority. It also has no impact on the functionality of the authentication itself.
If the userdb ever needs to scale up, the JSON database can and should be replaced. This will not be very hard, as it is behind a pretty simple interface (list, get, add, delete).
For security reasons, the userdb and the secret signing key for tokens should be managed in some way. This will be added in new issues.
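A sketch of the pre-hash step and the per-user token lifetime discussed in this issue, added here as an example and not taken from the project's code or commit 9d9dbe70. Assumptions: the record field names and function names are hypothetical, scrypt from the Python standard library replaces the plain hash(password:salt), and a simplified HMAC-signed token stands in for whatever token library the API uses.

```python
import base64, hashlib, hmac, json, secrets, time

SCRYPT = {"n": 2**14, "r": 8, "p": 1}  # assumed cost parameters

def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def prehash(username: str, password: str, token_ttl_s: int) -> dict:
    """Build a userdb record (hypothetical layout); the password itself is never stored."""
    salt = secrets.token_bytes(16)  # fresh random salt per user
    digest = hashlib.scrypt(password.encode(), salt=salt, dklen=32, **SCRYPT)
    return {"username": username, "salt": _b64(salt),
            "hash": _b64(digest), "token_ttl_s": token_ttl_s}

def verify_password(record: dict, password: str) -> bool:
    """Re-derive the hash with the stored salt and compare in constant time."""
    digest = hashlib.scrypt(password.encode(), salt=_unb64(record["salt"]), dklen=32, **SCRYPT)
    return hmac.compare_digest(digest, _unb64(record["hash"]))

def issue_token(record: dict, key: bytes, now=None) -> str:
    """Sign a bearer token whose expiry comes from the user's own token_ttl_s."""
    now = int(time.time()) if now is None else now
    claims = {"sub": record["username"], "exp": now + record["token_ttl_s"]}
    payload = _b64(json.dumps(claims).encode())
    sig = _b64(hmac.new(key, payload.encode(), hashlib.sha256).digest())
    return f"{payload}.{sig}"

def check_token(token: str, key: bytes, now=None):
    """Return the username, or None if the token is malformed, forged or expired."""
    now = int(time.time()) if now is None else now
    try:
        payload, sig = token.split(".")
        expected = _b64(hmac.new(key, payload.encode(), hashlib.sha256).digest())
        if not hmac.compare_digest(sig.encode(), expected.encode()):
            return None  # signature checked before the payload is parsed
        claims = json.loads(_unb64(payload))
    except (ValueError, TypeError):
        return None
    return claims["sub"] if now < claims["exp"] else None
```

The output of `prehash` can be handed to the CLI as JSON, so the person maintaining the userdb never sees the plaintext password.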