
Feature Request - add method in our api to validate userRole for secure route for frontend. #2835

Open
PurnenduMIshra129th opened this issue Jan 7, 2025 · 4 comments

Comments

@PurnenduMIshra129th

Is your feature request related to a problem? Please describe.
-Currently, for the frontend application there is no authentication for routing from the server side. This means a normal user can access unauthorized pages by changing the URL, which is an issue, because it uses the token from the frontend stored in localStorage.

  • Which can be easily tampered with, and it is not a secure way for routing.

Describe the solution you'd like
-My solution is to create a query in the server for validating the token. For each page visited by the user, it should make an API call to the server with a token in its header.

-The server will take the token from the header, then verify whether the user is authorized or not by checking their role from AppUserProfile, and whether the token is valid or not.

-If the token validates, then in the response it will send user:authorized and role:admin or superAdmin or user.

-If not, then it will send in the response user:unauthorized and role:""

-By using this response, the frontend will use it in its routing. Let's take an example: a user accesses a page via the URL, but he/she is a user trying to access the superAdmin page. As it is validated through the server, he will not be able to access it.

Describe alternatives you've considered
N/A

Approach to be followed (optional)
N/A

Additional context
-It is used for our issue opened on the frontend, issue number #1839: Secured Route / Auth wall #1839; see this one in talawa-admin.

Potential internship candidates

Please read this if you are planning to apply for a Palisadoes Foundation internship

@github-actions github-actions bot added the unapproved Unapproved for Pull Request label Jan 7, 2025
@bandhan-majumder

I asked the same on Slack a few days ago. Did not get any response.

@Cioppolo14 Cioppolo14 removed the unapproved Unapproved for Pull Request label Jan 8, 2025
@PurnenduMIshra129th
Author

Let's see

@pratikravindramane

Love to do it.
I will first set an authMiddleware in the Middleware folder to check if the requesting person has a valid token or not;
then after that I will check if its isSuperAdmin is true or not.
From that we are able to identify whether it's a user or a super Admin.
What are your thoughts? @PurnenduMIshra129th

@PurnenduMIshra129th
Author

@pratikravindramane try to implement it with a proper structure, otherwise your code will not be able to be merged. I am not a mentor; ask @Cioppolo14 or @palisadoes to assign.
