Skip to content
This repository has been archived by the owner on Jul 11, 2023. It is now read-only.

Implement API-level security #18

Open
wbprice opened this issue Mar 12, 2016 · 2 comments
Open

Implement API-level security #18

wbprice opened this issue Mar 12, 2016 · 2 comments
Labels
api

Comments

@wbprice
Copy link
Member

wbprice commented Mar 12, 2016

In general:

- An admin should be able to modify questions and answers
- A user should not be able to modify questions and answers
...
- Bunches of other interactions

What is the Hapi tool to allow this?
@ttavenner
Copy link
Contributor

Setup routes for specific actions then set 'config.auth' on the appropriate routes.

http://hapijs.com/tutorials/auth

@qwo
Copy link
Member

qwo commented Mar 16, 2016

related to #10 the auth scheme working was using basic auth but google auth + session cookies was ideal. I couldn't get it to work but if someone else knows better feel free to give it a crack.

we could probably do either this

https://github.com/dwyl/hapi-auth-google or
https://github.com/dwyl/hapi-login-example-postgres

@qwo qwo added the api label Mar 27, 2016
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
api
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@wbprice @qwo @ttavenner