feat: Sofie Core Groups with Trusted header SOFIE-95 #11
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is a hacky proof-of-concept on header based authentication flow.
For now using the
dnt
header, as that gets passed through to meteor.When a ddp connection is opened, it checks the header, and if its not a valid value, it closes the connection. This may not be wanted, as it means this can't be bypassed within nginx, and breaks development.
Then a new meteor method is added, which allows for asking the backend what 'user level' to show in the ui. This is crudely slotted into existing logic, it needs to be redone properly. It also should consider re-checking the value whenever the ddp connection reopens, to allow for invalidating permissions.
The enum may want to be changed, to match the granular system used in the frontend.
But this works, I can run through nginx with
proxy_set_header dnt "admin";
and the settings button appears, or change that toproxy_set_header dnt "studio";
and it disappears (and for some reason sofie won't let me run a studio in this mode..)We should consider that nrkno#1241 is coming in release52, which removes the existing meteor user based auth. So when finishing this, it might be beneficial to pull in parts of that to avoid making this cooperate with code that is about to disappear.