Alternative, better mechanism for authenticating user than --root about datasette-app HOT 7 CLOSED

The plugin could set its own random secret (equivalent to how --root works) and then support a /-/auth-app-user?token=xxx&redirect_to=/-/plugins URL which the shell could then use when opening new windows - e.g. for the "list installed plugins" menu option.

from datasette-app.

For the moment I'm going to lock this down so that it's only visible to the current, authenticated use from localhost - but in the future it might be good to have an option for sharing your data by running the server attached to 0.0.0.0 so you can share links with other people on your network.

from datasette-app.

#52 (option to expose server to other people on your network) makes this even more relevant.

I'm going to have a user account called "admin" (because "root" already does some things in the Datasette world, and as language it's less user-friendly than "admin") - the plugin will set a ds_actor cookie for it when a new browser window is opened.

from datasette-app.

Could even do this by calling a special API endpoint, /-/generate-admin-actor-cookie, which is authenticated using the mechanism introduced by #53 - and then setting the return value as that in a cookie when first instantiating the BrowserWindow.

from datasette-app.

Setting cookies from Electron code looks too complicated - I'll go with the simpler mechanism where every new BrowserWindow hits /-/auth-app-user?redirect=/-/plugins which accepts the Authorization: Bearer xxx token from #53 and redirects with the newly set cookie.

from datasette-app.

I'm going to need to refactor all of the places that create a BrowserWindow and load a URL in it to a new method on the DatasetteServer class which uses the new /-/auth-app-user endpoint - otherwise users could accidentally create windows that don't have the signed cookie.

One exception: this code, because it displays the loading.html screen before the server has started (so it can continue to display while pip install datasette etc is happening on first run).

from datasette-app.

Here's how to pass the authorization: bearer xx header in a POST request to that API endpoint:

      newWindow.loadURL(`http://localhost:${this.port}/-/auth-app-user`, {
        extraHeaders: `authorization: Bearer ${this.apiToken}`,
        postData: [
          {
            type: "rawData",
            bytes: Buffer.from(JSON.stringify({ redirect: path })),
          },
        ],
      });

This wasn't obvious: the extraHeaders takes a string (headers can be separated by newlines) rather than a dictionary, and the postData thing was a very odd shape too.

from datasette-app.