From dd9b5d5d10fd34fdcd097849814f44a85b9af580 Mon Sep 17 00:00:00 2001 From: lee Date: Thu, 8 Jul 2021 15:50:26 +0100 Subject: [PATCH] intructions on read only access usage --- docs/db/read-only-access.md | 69 +++++++++++++++++++++++++++++++++++++ 1 file changed, 69 insertions(+) create mode 100644 docs/db/read-only-access.md diff --git a/docs/db/read-only-access.md b/docs/db/read-only-access.md new file mode 100644 index 000000000..ad7e508a8 --- /dev/null +++ b/docs/db/read-only-access.md @@ -0,0 +1,69 @@ +# Read Only token + +## instructions + +1. **How to get read-only role?**, for applications to get read-only access they can contact an `admin` user so that he/she can add this role to that external application. + +2. **How to create and associate application with read-only access?**, for this you must create an application on `gitea` then you can create your own application token. This token will grant access to your account using the `gitea` API. To create this token you must go to **user/settings/application** then **Generate New Token**, you can use this link . It should display a token. + +3. **How to get the read only token?**, to get this token you must send a request to the authentication service with the application token. The authentication service can be accessed/reached by sending the request to : `https://((DOMAIN))/api/auth/apptoken?token=${appToken}`. +This route will validate the application token and build a new **JWT** that allows you to query the information needed. + +The following example should help : + +```js +const APPTOKEN = '' // put your application token here +const res = await fetch( + `https://dev.01-edu.org/api/auth/apptoken?token=${APPTOKEN}` +) +const { token } = await res.json() + +// you should take care of error cases + +console.log('JWT : ', token) +``` + +4. **What can you query?**, querying information is dependent on the users role. A role is given by default to every user, in this case it should be a `read_only` role. You can see more about possible information you can query [here](db-authorization.md) + +5. **How to query the information?**, to query the information you must send a request with the query you desire to use. You can see more information and instructions about this on the project [graphql](../../subjects/graphql/README.md). + +The following example should help : + +```js +const jwt = '' // put your jwt here +const query = '{user(where:{id:{_eq:1}}){login}}' // what you want to query +const res = await fetch( + 'https://((DOMAIN))/api/graphql-engine/v1/graphql', + { + method: 'POST', + headers: { Authorization: `Bearer ${token}` }, + body: JSON.stringify({ query }), + } +) +const { data } = await res.json() + +// you should take care of error cases... + +console.log(data) +``` + +## Observations + +Because of the nature of JWT you should renew the token often, normally this token will have a life spam of one day. +To refresh the tokens you need to do the following: + +- Send a request to the authentication service with the `JWT`. The authentication service can be accessed/reached by sending the request to : `https://((DOMAIN))/api/auth/refresh?token=${jwt}`. This route will create a new token and expire the current token. + +The following example should help : + +```js +const JWT = '' // put your jwt here +const res = await fetch( + `https://dev.01-edu.org/api/auth/refresh?token=${JWT}` +) +const { token } = await res.json() + +// you should take care of error cases... + +console.log('JWT : ', token) +```