Authentication and security - aPisC/phroper GitHub Wiki
There are 3 builtin models: auth-user, auth-role and auth-permission. The user data is stored in the user model, each user has to have a role from the role schema, and the permissions of a user are determined by the permissions of the selected role. Roles can be marked as isDefault, and unauthenticated users get the permissions of the default role. When registering a new user, the system assigns the first default role to it.
If the user is marked as isAdmin, it has permission to everything.
Auth model examples
```jsonc
// User
{
  "id": 1,
  "created_at": "2021-04-26 13:17:14",
  "updated_at": "2021-04-26 13:17:14",
  "username": "admin",
  "password": "......",
  "role": 1,
  "email": "",
  "isAdmin": true
}

// Role
{
  "id": 1,
  "created_at": "2021-04-26 13:17:14",
  "updated_at": "2021-04-26 13:17:14",
  "name": "default",
  "isDefault": true
}

// Permission
{
  "id": 4,
  "updated_by": 1,
  "created_at": "2021-04-27 19:23:53",
  "updated_at": "2021-04-27 19:23:53",
  "role": 1,
  "permission": "test"
}
```
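To make the rules above concrete, here is an added stand-alone model of the permission decision (example code written for this page, not phroper's own implementation). The record shapes follow the JSON examples above; the sample users, roles and permissions are constructed.

```python
# Constructed sample data mirroring the three builtin models; only the fields
# the decision needs are kept.
ROLES = [
    {"id": 1, "name": "default", "isDefault": True},
    {"id": 2, "name": "editor", "isDefault": False},
]
PERMISSIONS = [
    {"id": 4, "role": 1, "permission": "test"},
    {"id": 5, "role": 2, "permission": "article.update"},
]
USERS = {
    1: {"id": 1, "username": "admin", "role": 1, "isAdmin": True},
    2: {"id": 2, "username": "alice", "role": 2, "isAdmin": False},
}


def default_role_id():
    """Id of the first role flagged isDefault, or None when none is configured."""
    for role in ROLES:
        if role["isDefault"]:
            return role["id"]
    return None


def permissions_for_role(role_id):
    """Set of permission names attached to one role."""
    return {p["permission"] for p in PERMISSIONS if p["role"] == role_id}


def has_permission(user, permission):
    """Decide whether `user` (a user record, or None for an unauthenticated
    request) holds `permission` under the role/permission model."""
    if user is not None and user.get("isAdmin"):
        return True  # isAdmin bypasses the role lookup entirely
    # Logged-in users use their own role; anonymous requests fall back to the default role.
    role_id = user["role"] if user is not None else default_role_id()
    if role_id is None:
        return False  # no default role configured: deny anonymous access
    return permission in permissions_for_role(role_id)


def register_user(username):
    """Create a user and assign the first default role, as the wiki describes."""
    user = {"id": max(USERS) + 1, "username": username,
            "role": default_role_id(), "isAdmin": False}
    USERS[user["id"]] = user
    return user
```

Routing every check through one function like has_permission keeps the default-role fallback and the isAdmin short-circuit in a single place, so an individual endpoint cannot forget either rule.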
Phroper uses a JWT as the authorization token. You have to send it as a Bearer token with every request to access the endpoints as a logged-in user. The token is generated during the login or registration process.