🏗️(y-provider) manage auth in y-provider app #804

Merged
merged 3 commits into from
Mar 27, 2025

lunika
Member

@lunika lunika commented Mar 25, 2025

Purpose

The way to connect to the hocuspocus server needs to be proxified in
nginx to query a dedicated route in the django application and then
follow the request to the express server with the additional headers.
The auth can be done in the express server by querying the backend on
the document retrieve endpoint. If the response status code is 200, the
user has access to the document, otherwise it is not the case. Then we
can check the abilities to determine what the user can do or not.

Proposal

  • 🏗️(y-provider) manage auth in y-provider app
  • 🔥(back) remove collaboration-auth endpoint

@lunika lunika added the enhancement improve an existing feature label Mar 25, 2025
@lunika lunika requested review from qbey and AntoLC March 25, 2025 14:12
@lunika lunika self-assigned this Mar 25, 2025
@lunika lunika requested a review from sampaccoud March 26, 2025 09:36
@sylvinus
Member

I'm largely in favor of this change! It removes a hidden request that is difficult to debug, removes an API route and is overall I think the right design. It's best not to rely on headers received but let the app do the check itself actively.

Collaborator

@AntoLC AntoLC left a comment

👍

@lunika lunika force-pushed the websocket-connection branch from 971e414 to 7550c44 Compare March 27, 2025 14:59
@lunika lunika force-pushed the websocket-connection branch from 7550c44 to 48f94a6 Compare March 27, 2025 15:51
@lunika lunika enabled auto-merge (rebase) March 27, 2025 15:52
lunika added 3 commits March 27, 2025 18:27
The way to connect to the hocuspocus server needs to be proxified in
nginx to query a dedicated route in the django application and then
follow the request to the express server with the additional headers.
The auth can be done in the express server by querying the backend on
the document retrieve endpoint. If the response status code is 200, the
user has access to the document, otherwise it is not the case. Then we
can check the abilities to determine what the user can do or not.

We don't need the collaboration-auth endpoint anymore. All code
related to it is removed.

We only use uuid v4 as hocuspocus document name. To be sure nothing else
is used we check that the documentName is a valid uuid version 4.
@lunika lunika force-pushed the websocket-connection branch from 48f94a6 to 05fe7f8 Compare March 27, 2025 17:27
@lunika lunika merged commit 7e1eed3 into main Mar 27, 2025
20 checks passed
@lunika lunika deleted the websocket-connection branch March 27, 2025 17:42
This was referenced Mar 28, 2025
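
The check described in this pull request (validate the document name as a UUID v4, query the backend's document retrieve endpoint, then read the abilities), as an added example that is not the project's own code. The URL layout, the `abilities.retrieve` / `abilities.update` fields and every function name are assumptions.

```javascript
// Added example: names, URL layout and response shape are assumptions.
const UUID_V4 =
  /^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;

function isUuidV4(name) {
  return typeof name === 'string' && UUID_V4.test(name);
}

function deny(reason) {
  return { allowed: false, readOnly: true, reason };
}

// Decide whether a websocket connection may open `documentName`.
// `fetchImpl` is injectable so the decision logic can be exercised offline.
async function authorizeConnection({ documentName, cookie, backendUrl, fetchImpl = fetch }) {
  // Validate first: the name is interpolated into a backend URL, so a value
  // that is not a UUID v4 (for example "../users/me") must never reach it.
  if (!isUuidV4(documentName)) return deny('invalid-document-name');
  if (!cookie) return deny('no-credentials');

  let status;
  let doc;
  try {
    // The server asks the backend itself, with the user's own credentials,
    // instead of trusting headers set by an upstream proxy.
    const response = await fetchImpl(`${backendUrl}/documents/${documentName}/`, {
      headers: { cookie },
      redirect: 'manual', // a redirect to a login page is not a 200
    });
    status = response.status;
    if (status === 200) doc = await response.json();
  } catch (err) {
    return deny('backend-unreachable'); // fail closed
  }
  if (status !== 200) return deny(`backend-status-${status}`);

  // A 200 means the user can see the document; abilities decide the rest.
  const abilities = (doc && doc.abilities) || {};
  if (abilities.retrieve !== true) return deny('retrieve-not-allowed');
  return { allowed: true, readOnly: abilities.update !== true, reason: 'ok' };
}
```
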
Labels
enhancement improve an existing feature
3 participants