Remote user access control


Adam Jimenez

Nov 29, 2013, 8:19:19 AM
to sha...@googlegroups.com
Hi,

I've been looking through the user access control documentation:

My sharejs (0.6) is on a separate server from my main app server.
I'm trying to set up authentication. I envisage the flow as follows:
  • Client connects to Sharejs server with doc name and unique key.
  • Sharejs server requests authorisation from app server.
  • App server permits or denies authorisation.
  • If successful, sharejs server caches the response and permits future operations for up to an hour.
Has anyone done anything similar or can point me in the right direction?
Thanks

--
Best regards,
Adam Jimenez

Stephan Seidt

Nov 29, 2013, 10:05:43 AM
to sha...@googlegroups.com
Yes, doing exactly that.

Simply use your custom auth logic in ShareJS' auth function.

I recommend putting as little stuff as possible into the auth function itself.

Adam Jimenez

Nov 29, 2013, 5:19:42 PM
to sha...@googlegroups.com
Do you have any sample code?


--
Best regards,
Adam Jimenez

ShiftCreate Limited

Stephan Seidt

Nov 29, 2013, 5:38:39 PM
to sha...@googlegroups.com, ad...@shiftcreate.com
Uncomment the auth function and require your own implementation there.
The options object will be passed into the sharejs server's attach function and sharejs will use it to authorize operations.
All you need to do is call action.accept() or action.reject() at some point in time.
Be sure to call either accept or reject rather quickly, otherwise you might end up with lots of things being buffered.

In your case simply make the authorization request to the app server and call action.accept() or action.reject() depending on the outcome.

If you're comfortable with promises, I'm using a very similar cache implementation to cache authorizations and schemas for validation: https://github.com/share/ShareJS/issues/268#issuecomment-26888152

Adam Jimenez

Dec 2, 2013, 6:24:13 AM
to sha...@googlegroups.com
Got it working. Thanks for your advice, it was very helpful.

jiun bookworm

Dec 12, 2013, 9:17:24 AM
to sha...@googlegroups.com, ad...@shiftcreate.com

Hi Adam,
do you have some sample implementation you could share?

Jiun

Adam Jimenez

Dec 12, 2013, 10:55:14 AM
to jiun bookworm, sha...@googlegroups.com
My auth script was similar to this.
The server side check auth script should output 1 on success.
On the client side you will need to populate the authentication property, see:

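var request = require('request');

// Cache of authorisation results, keyed by doc + '_' + user.
var perms = {};

// Placeholder: the post does not show the app server's check-auth URL.
var AUTH_URL = 'https://app.example.com/check_auth';

// Options object passed to the sharejs server's attach function.
var options = {
    auth: function(client, action) {
        if( !action.docName ){
            action.accept();
            return;
        }

        if( !client.authentication ){
            action.reject();
            return;
        }

        var user = client.authentication;
        var doc = action.docName;

        //check cache
        var time = Date.now();
        if( perms[doc+'_'+user] && time < perms[doc+'_'+user].expires ){
            console.log('found in cache');
            if( perms[doc+'_'+user].accept ){
                action.accept();
                console.log('accepted');
            }else{
                action.reject();
                console.log('rejected');
            }
            return;
        }

        // How doc and user are passed to the app server is not shown in the
        // post; these query parameter names are placeholders.
        var url = AUTH_URL+'?doc='+encodeURIComponent(doc)+'&user='+encodeURIComponent(user);

        request(url, function (error, response, body) {
            if (error || response.statusCode !== 200) {
                // No usable answer from the app server: reject instead of
                // leaving the action pending, and do not cache the result.
                action.reject();
                console.log('rejected');
                return;
            }

            console.log('auth response: '+body);

            var accept = false;

            if( body==='1' ){
                accept = true;
                action.accept();
                console.log('accepted');
            }else{
                action.reject();
                console.log('rejected');
            }

            //cache response
            var expires = Date.now()+(60*60*1000); //expire in an hour

            perms[doc+'_'+user] = {
                accept: accept,
                expires: expires
            };
        });
    }
};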
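
An added example, not code from this thread or from ShareJS: the cached authorization flow discussed above, arranged so that an app-server error or timeout ends in reject() without being cached, concurrent checks for the same doc/user pair share one request, and the cache key cannot collide between pairs. `createAuthorizer`, `checkRemote` and the option names are assumptions; `checkRemote` stands in for the HTTP call to the app server.

```javascript
// Added example (not from the thread). checkRemote(doc, user, cb) is a
// hypothetical stand-in for the HTTP call to the app server: cb(err, allowed).
function createAuthorizer(checkRemote, opts) {
  var ttlMs = opts.ttlMs, timeoutMs = opts.timeoutMs;
  var now = opts.now || Date.now;
  var cache = new Map();    // key -> { allowed, expires }
  var waiting = new Map();  // key -> callbacks queued behind one in-flight check

  function decide(doc, user, done) {
    // JSON-encode the pair: ('a_b','c') and ('a','b_c') must not share a key.
    var key = JSON.stringify([doc, user]);
    var hit = cache.get(key);
    if (hit && now() < hit.expires) return done(hit.allowed);
    if (waiting.has(key)) return void waiting.get(key).push(done);
    waiting.set(key, [done]);

    var settled = false;
    function settle(allowed, cacheable) {
      if (settled) return;            // ignore a late reply after a timeout
      settled = true;
      clearTimeout(timer);
      if (cacheable) cache.set(key, { allowed: allowed, expires: now() + ttlMs });
      var queue = waiting.get(key);
      waiting.delete(key);
      queue.forEach(function (cb) { cb(allowed); });
    }
    // No answer in time counts as a denial, and is not cached.
    var timer = setTimeout(function () { settle(false, false); }, timeoutMs);
    checkRemote(doc, user, function (err, allowed) {
      if (err) return settle(false, false);   // fail closed, retry next time
      settle(allowed === true, true);
    });
  }

  // ShareJS-style hook: every path ends in accept() or reject().
  function auth(client, action) {
    if (!action.docName) return action.accept();
    if (!client.authentication) return action.reject();
    decide(action.docName, client.authentication, function (allowed) {
      if (allowed) action.accept(); else action.reject();
    });
  }
  return { decide: decide, auth: auth };
}
```

With a one-hour `ttlMs`, as in the flow described in the first post, a permission revoked on the app server stays usable on the ShareJS server until its cache entry expires.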

jiun bookworm

Dec 16, 2013, 4:30:22 PM
to sha...@googlegroups.com, jiun bookworm, ad...@shiftcreate.com
Thanks for the prompt response,
were you using this with 0.6 or 0.7?