Authentication - TrentoCrowdAI/crowdhub-api GitHub Wiki
Authentication is implemented using Google OAuth.
Authentication
In the database there is a users table where user information is stored; the user's Google ID is the table's primary key.
A middleware sits in front of the authenticated routes and tries to authenticate the user with Google. It takes the Bearer token from the Authorization header of the request and retrieves the user's information from Google. If the user is not yet present in the users table it is registered first; the user object is then passed to the next Express router, where authorization is performed at the delegate level.
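The middleware described above, as an added example written for this page (it is not the crowdhub-api code). The verifier that talks to Google and the users table are injected as `verifyGoogleToken` and `userStore` so the example runs offline with a constructed fake token map and an in-memory store keyed by Google ID; those names, the `expectedAudience` option (checking the token's `aud` claim so a token issued to another app is not accepted) and the profile field names (`sub`, `email`, `aud`) are assumptions made for the example.

```javascript
// Added example, not crowdhub-api code. Express-style bearer-token middleware in the
// shape the wiki describes; dependencies are injected so it runs offline.
function createAuthMiddleware({ verifyGoogleToken, userStore, expectedAudience }) {
  return async function authenticate(req, res, next) {
    const header = (req.headers && req.headers.authorization) || '';
    // Accept only "Authorization: Bearer <token>"; anything else is rejected.
    const match = /^Bearer\s+(\S+)$/i.exec(header);
    if (!match) return res.status(401).json({ error: 'missing bearer token' });

    let profile;
    try {
      profile = await verifyGoogleToken(match[1]); // assumed: throws on an invalid token
    } catch (e) {
      return res.status(401).json({ error: 'invalid token' });
    }
    // Assumed extra check: the token must have been issued to this application.
    if (expectedAudience && profile.aud !== expectedAudience) {
      return res.status(401).json({ error: 'token not issued for this app' });
    }

    // Google ID (sub) is the users table primary key: register on first sight, reuse afterwards.
    let user = await userStore.findById(profile.sub);
    if (!user) {
      user = await userStore.create({ id: profile.sub, email: profile.email });
    }
    req.user = user; // handed to the next router for delegate-level authorization
    return next();
  };
}

// Minimal stand-ins for the Express response object and the users table.
function makeRes() {
  const res = { statusCode: 200, body: null };
  res.status = (code) => { res.statusCode = code; return res; };
  res.json = (obj) => { res.body = obj; return res; };
  return res;
}

function makeInMemoryUserStore() {
  const rows = new Map(); // google_id (primary key) -> user row
  return {
    async findById(id) { return rows.get(id) || null; },
    async create(row) { rows.set(row.id, row); return row; },
    size() { return rows.size; },
  };
}

// Constructed fake: opaque tokens mapped to Google-style profiles (no network access).
const FAKE_TOKENS = {
  'good-token': { sub: '1234567890', email: 'alice@example.com', aud: 'my-client-id' },
  'wrong-aud':  { sub: '999',        email: 'eve@example.com',   aud: 'other-client-id' },
};
async function fakeVerifyGoogleToken(token) {
  const profile = FAKE_TOKENS[token];
  if (!profile) throw new Error('invalid token');
  return profile;
}

// Drives the middleware through the cases a practitioner would want to see.
async function runDemo() {
  const userStore = makeInMemoryUserStore();
  const authenticate = createAuthMiddleware({
    verifyGoogleToken: fakeVerifyGoogleToken, userStore, expectedAudience: 'my-client-id',
  });
  async function call(header) {
    const req = { headers: header ? { authorization: header } : {} };
    const res = makeRes();
    let nextCalled = false;
    await authenticate(req, res, () => { nextCalled = true; });
    return { status: res.statusCode, nextCalled, userId: req.user ? req.user.id : null };
  }
  return {
    noHeader: await call(undefined),
    basicAuth: await call('Basic abc'),
    unknownToken: await call('Bearer nope'),
    wrongAudience: await call('Bearer wrong-aud'),
    firstLogin: await call('Bearer good-token'),  // registers the user
    secondLogin: await call('Bearer good-token'), // finds the existing row
    userCount: userStore.size(),
  };
}

runDemo().then((r) => console.log(r));
```

Rejected requests never reach `next()`, so downstream routers can rely on `req.user` being present; the audience check matters because a Google token is valid for any application, not just this API.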
Authorization
Authorization is managed at the delegate level: before operating on data or returning it, each entity delegate checks that the logged-in user has access to that data and the required permission on it.
The table project_collaborations is used to allow users other than the creator of a project to view and modify the project and all its related entities. The authorization logic is based on this table and on the owner id property of projects.
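The delegate-level check described above, as an added example written for this page (not the crowdhub-api code). The projects and project_collaborations tables are constructed in-memory arrays, the column names (`owner_id`, `project_id`, `user_id`) and the `items` entity are assumptions, and the check runs before any data is touched; a related entity is authorized through the project it belongs to. The rule that only the owner may add collaborators is an assumption the wiki does not state.

```javascript
// Added example, not crowdhub-api code. Constructed stand-ins for the database tables.
const projects = [
  { id: 1, owner_id: 'g-alice', name: 'Traffic signs' },
  { id: 2, owner_id: 'g-bob',   name: 'Bird calls' },
];
const projectCollaborations = [
  { project_id: 2, user_id: 'g-alice' }, // alice collaborates on bob's project
];
const items = [ // an assumed related entity that belongs to a project
  { id: 10, project_id: 1 },
  { id: 11, project_id: 2 },
];
// Users as the authentication middleware would hand them over (id = Google ID).
const alice = { id: 'g-alice' }, bob = { id: 'g-bob' }, carol = { id: 'g-carol' };

class AuthorizationError extends Error {
  constructor(status, message) { super(message); this.status = status; }
}

function findProject(projectId) {
  return projects.find((p) => p.id === projectId) || null;
}

// Access rule from the wiki: the owner, or any user with a project_collaborations row,
// may view and modify the project. Everyone else is denied.
function userCanAccessProject(user, project) {
  if (!user || !project) return false;
  if (project.owner_id === user.id) return true;
  return projectCollaborations.some((c) => c.project_id === project.id && c.user_id === user.id);
}

// Delegate-style guard: resolve the project and check access before returning data.
function requireProjectAccess(user, projectId) {
  const project = findProject(projectId);
  if (!project) throw new AuthorizationError(404, 'project not found');
  if (!userCanAccessProject(user, project)) throw new AuthorizationError(403, 'forbidden');
  return project;
}

function getProject(user, projectId) {
  return requireProjectAccess(user, projectId);
}

// Related entities inherit the project's access rule: check the parent project first.
function getItem(user, itemId) {
  const item = items.find((i) => i.id === itemId);
  if (!item) throw new AuthorizationError(404, 'item not found');
  requireProjectAccess(user, item.project_id);
  return item;
}

// Assumed rule: only the owner may grant collaboration, otherwise any collaborator
// could widen access to the project indefinitely.
function addCollaborator(user, projectId, collaboratorId) {
  const project = requireProjectAccess(user, projectId);
  if (project.owner_id !== user.id) throw new AuthorizationError(403, 'owner only');
  if (!projectCollaborations.some((c) => c.project_id === projectId && c.user_id === collaboratorId)) {
    projectCollaborations.push({ project_id: projectId, user_id: collaboratorId });
  }
  return projectCollaborations.filter((c) => c.project_id === projectId).length;
}

// Maps a delegate call to the HTTP status it would produce (200 on success).
function outcome(fn) {
  try { fn(); return 200; } catch (e) {
    if (e instanceof AuthorizationError) return e.status;
    throw e;
  }
}

console.log({
  ownerReadsOwn: outcome(() => getProject(alice, 1)),
  strangerReadsOther: outcome(() => getProject(bob, 1)),
  collaboratorReads: outcome(() => getProject(alice, 2)),
  relatedEntityThroughProject: outcome(() => getItem(carol, 10)),
});
```

Returning 404 before the access check leaks nothing about projects the caller cannot see, while 403 on an existing project tells a legitimate user that the record exists but they are not a collaborator.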