How to do the authentication regarding user table in DB?

[mjza]

It seems the login is done by hard coding!

'validate' => function ($username, $password) {
      return $username == 'admin' && $password == 'admin';
},

While I expect it does the validation with a user table in the DB!

Also I activated this config in the api.php:

    'middlewares' => 'dbAuth,authorization',
   'authorization.tableHandler' => function ($operation, $tableName) {
         return $tableName != 'users';
   },

But then it will show the following error in the vanila.html after login by admin:admin:

{ "code": 1012, "message": "Authentication failed'" }

So it seems I need to connect the auth.php and api.php somehow to have the same session data and also do the authentication regarding a DB table!

[mjza]

Maybe a better question is, Is there any example for DB authentication?

[mevdschee]

It seems the login is done by hard coding!

You should replace that with your own implementation

Is there any example for DB authentication?

Not yet, but I fully understand your need for one.

[nilopaim]

Hi, Maurits.

Any news about this example?

As I don't have great knowledge in php, this example would help me a lot...

My use case:

• Application using Vue 2, SPA
• A table in my DB with user's details, including login, passsword and profile (common user, manager, admin, etc...)
• Using php-crud-api to access my tables from Vue completelly functional...

TIA.

[mevdschee]

Any news about this example?

Did you see this? https://github.com/mevdschee/vue-crud-ui

It does not use "dbAuth" or "jwtAuth" or "basicAuth" middleware, but that is relatively easy to add.

Is that what you are looking for?

[mevdschee]

@nilopaim Maybe you can add the front-end for the login on that repo (via a PR) and then I'll add the back-end config?

I'm not that familiar with Vue.

[mevdschee]

If you want to implement the 'jwtAuth' flow, then you may want to read: https://github.com/mevdschee/php-api-auth

[nilopaim]

@mevdschee I'm not a security guy, and due to this I think I'm lost on the flow...

I have the frontend for the login, asking username and password, that I can validate using php-crud-api.

Should I ask for php-api-auth generates me a JWT token ou could I only store this data on my frontend and use it to allow/disallow things on my application?

I'll be grateful for any hints...

[FadelSultan]

Hello @mevdschee
Thank you for helping us.
I upload api.php and auth.php in the same folder and I config api.php for database MySQL, after that I call URL direct without auth data from the browser and I saw the result :(

How can I use auth.php ):

I mean I don't want to access URL directly without auth.

Thank's