A 'micro service' designed to authenticate users returning a generated JWS token for authorisation purposes.
You will need Leiningen https://github.com/technomancy/leiningen 2.0.0 or above installed.
This project is still heavily under development, so setting things up is still a little quirky.
The database URL is set in an ENV variable: CAAS_DB_URL
Mine looks like this: CAAS_DB_URL=jdbc:postgresql://localhost:15432/caas?user=caas&password=cassonade If your postgres instance is running on the default port, use something like: jdbc:postgresql://localhost:5432/caas?user=caas&password=cassonade
The database port may be different on your machine.
One you've created a database named: caas with the user: caas and password: cassonade things are good to go, and you can run migrations with ragtime
lein ragtime migrate
To migrate the test database do:
export CAAS_DB_URL_TEST='jdbc:postgresql://localhost:5432/caas_test?user=caas_test&password=cassonade_test'
lein with-profile test ragtime migrate
Then you can fire up a repl and create your first user.
lein repl
(in-ns 'caas.models)
(def user {:email "[email protected]" :password "foobaz"})
(add-user! user)
This creates a user with the email "[email protected]" and stores the password in a hashed format using bcrypt+sha512 (others are available https://funcool.github.io/buddy-hashers/latest/).
Start the server with
lein ring server
This starts a server on http://localhost:3000
curl -v -X GET http://localhost:3000/caas/authenticate\?email\=[email protected]\&password\=foobaz
Querying this route will return a signed JWS token.
eyJ0eXAiOiJKV1MiLCJhbGciOiJIUzI1NiJ9.eyJlbWFpbCI6ImZvb0BiYXouZGUifQ.RA9A1xT_YJ-Xi5_2B9nASNgQ5FKGXOai1yy0nWqgq7k%
Once the token for this authenticated user is obtained, it can be used to query for permissions, e.g.
curl -v -X GET http://localhost:3000/caas/authorize\?token=
eyJ0eXAiOiJKV1MiLCJhbGciOiJIUzI1NiJ9.eyJlbWFpbCI6ImZvb0BiYXouZGUifQ.RA9A1xT_YJ-Xi5_2B9nASNgQ5FKGXOai1yy0nWqgq7k%
This returns
{name:permission_name}
When a user cannot be authenticated or the JWT token string is not valid a HTTP code 401 "Unauthorized" is returned.
Some sort of basic HTTP authentication.