Authentication

cswimr commented

2025-01-29 12:25:27 -06:00

Owner

What should the authentication system look like?
Currently, User has the following schema:

public int Id { get; set; }
public string Token { get; set; } = default!;
public int DiscordUserId { get; set; }
public DateTime CreatedAt { get; set; }
public bool WriteAccess { get; set; } = false;
public bool Disabled { get; set; } = false;

What access should each user have? Should they be able to request any moderation in the database, or should they only be able to request moderations attributed to them? Should moderation retrieval not require authentication at all, meaning only submitting new moderations would require authentication?

What should the authentication system look like? Currently, `User` has the following schema: ```csharp public int Id { get; set; } public string Token { get; set; } = default!; public int DiscordUserId { get; set; } public DateTime CreatedAt { get; set; } public bool WriteAccess { get; set; } = false; public bool Disabled { get; set; } = false; ``` What access should each user have? Should they be able to request any moderation in the database, or should they only be able to request moderations attributed to them? Should moderation retrieval not require authentication at all, meaning only submitting new moderations would require authentication?

cswimr added the

labels 2025-01-29 12:25:27 -06:00

cswimr self-assigned this 2025-01-29 12:25:27 -06:00

cswimr added a new dependency 2025-01-29 12:25:35 -06:00

#2 API Base

cswimr added a new dependency 2025-01-29 12:37:54 -06:00

#13 Permissions

cswimr started working 2025-01-30 06:07:12 -06:00

cswimr stopped working 2025-01-30 06:16:02 -06:00

8 minutes 50 seconds

MYHM commented

2025-01-30 21:09:34 -06:00

Collaborator

So I think some thing like <DISCORDID>.<RANDOMALPHANUMERICS>, and so I can track stuff like API abuse, and usage, everyone should need a token.

So I think some thing like `<DISCORDID>.<RANDOMALPHANUMERICS>`, and so I can track stuff like API abuse, and usage, everyone should need a token.

cswimr started working 2025-02-08 13:26:28 -06:00

cswimr commented

2025-02-08 13:27:23 -06:00

Author

Owner

Should they be able to request any moderation in the database, or should they only be able to request moderations attributed to them?

What about this, @MYHM?

> Should they be able to request any moderation in the database, or should they only be able to request moderations attributed to them? What about this, @MYHM?

MYHM commented

2025-02-08 13:33:49 -06:00

Collaborator

Anyone with a token can look up any moderation on an id, but only some tokens can add them, or modify them.

👍 1

cswimr commented

2025-02-08 13:41:04 -06:00

Author

Owner

So, do we want read/write or read/edit/create?
Edit: This is what I have now.

-    public bool WriteAccess { get; set; } = false;
+    public bool ReadAccess { get; set; } = true;
+    public bool ModifyAccess { get; set; } = false;
+    public bool CreateAccess { get; set; } = false;

So, do we want read/write or read/edit/create? Edit: This is what I have now. ```diff - public bool WriteAccess { get; set; } = false; + public bool ReadAccess { get; set; } = true; + public bool ModifyAccess { get; set; } = false; + public bool CreateAccess { get; set; } = false; ```

cswimr stopped working 2025-02-08 13:54:44 -06:00

28 minutes 16 seconds

MYHM commented

2025-02-08 14:31:10 -06:00

Collaborator

Yeah I think this would be best, so that way I can have people who can redact things if situations change, and I can't have a malicious actor remove all of them stuff like that, but still having that finer control of things

Rows
Columns

Authentication #12