Massively Refactor Authentication internals #3440

Merged
merged 14 commits into develop from refactor/authentication
May 28, 2025

Conversation

@CarsonF CarsonF commented May 20, 2025

This was one of the end goals I had a week ago, but first I needed to fix all the tight coupling to Session.

  • Moved ~/components/authentication -> ~/core/authentication

  • Moved Session to core as well. There are no remaining auth exports in ~/common

  • Decoupled some authorization functionality from authentication.

    • powers & betaFeatures resolve in the authorization module now.
    • Impersonation checks are decoupled with an event
  • AuthenticationService was split

    • Functionality needed for GQL resolvers stayed put: register, log in/out, password management.
    • JwtService for encoding/decoding session & email tokens
    • SessionManager holds the remaining functionality...for managing sessions.
  • SessionInterceptor was split

    • SessionInitiator is now the service that parses the request info & relays to SessionManager to create sessions
    • Now SessionInterceptor only:
      • Creates the ALS layer for the request's session
      • Consumes AuthLevel & applies their logic/constraints
      • Forwards requests to SessionInterceptor to resume the session.
    • Now the SessionInterceptor can be a private "hook", since SessionInitiator is injectable now, though the Identity facade still fronts this.
  • AdminModule now pulls authentication services loosely via ModuleRef.

    • This allows many internal layers/services to be un-exported from the AuthenticationModule.
    • The admin use is an edge case to handle the unique RootUser case. I'd like to rethink this RootUser altogether, and I'm hoping our SystemAgents are a step in that direction. Until then though, it was a bit silly to expose many internal layers/services to the codebase just for this.
  • Now Identity is the only exported service that the codebase can use to do auth things.
    Its surface area is a fraction of the former AuthenticationService - all of the internals have been made private.
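The split described above (a SessionInitiator that parses the request, a SessionManager that resumes or creates the session, an interceptor that opens an AsyncLocalStorage layer and enforces the route's AuthLevel, and an Identity facade as the only public entry point) can be sketched as a standalone example. This is added illustration code, not code from the project or from this PR: the class and method names, the `AuthLevel` values, the in-memory token table and the request headers are all assumptions chosen to show the pattern, and the real JwtService-backed token handling is replaced by a constructed lookup.

```typescript
import { AsyncLocalStorage } from "node:async_hooks";

// Hypothetical auth levels and session shape; the project's own types differ.
export type AuthLevel = "anonymous" | "authenticated";

export interface Session {
  token: string;
  userId: string | null;     // null for an anonymous session
  powers: string[];          // always an array, never null (matches a non-null GraphQL field)
  impersonator: string | null;
}

// Constructed stand-in for a token store; a real implementation would decode a JWT.
const KNOWN_SESSIONS: Record<string, Session> = {
  "tok-alice": { token: "tok-alice", userId: "alice", powers: ["CreateProject"], impersonator: null },
  "tok-bob":   { token: "tok-bob",   userId: "bob",   powers: [],                impersonator: null },
};

// Holds sessions and exposes the request-scoped one via AsyncLocalStorage.
export class SessionManager {
  private readonly store = new AsyncLocalStorage<Session>();

  // Resume a known session; unknown or missing tokens get an anonymous session.
  resume(token: string | undefined): Session {
    if (token !== undefined && token in KNOWN_SESSIONS) return KNOWN_SESSIONS[token];
    return { token: "anon", userId: null, powers: [], impersonator: null };
  }

  // Open the ALS layer: everything awaited inside fn sees this session only.
  runWith<T>(session: Session, fn: () => Promise<T>): Promise<T> {
    return this.store.run(session, fn);
  }

  current(): Session {
    const s = this.store.getStore();
    if (s === undefined) throw new Error("no session bound to this async context");
    return s;
  }
}

// Extracts the bearer token from the request; nothing else about auth lives here.
export class SessionInitiator {
  parseToken(headers: Record<string, string | undefined>): string | undefined {
    const h = headers["authorization"] ?? headers["Authorization"];
    if (h === undefined) return undefined;
    const m = /^Bearer\s+(\S+)$/i.exec(h);
    return m === null ? undefined : m[1];
  }
}

export class AuthLevelError extends Error {}

// Creates the ALS layer for the request's session and applies the AuthLevel constraint.
export class SessionInterceptor {
  private readonly manager: SessionManager;
  private readonly initiator: SessionInitiator;
  constructor(manager: SessionManager, initiator: SessionInitiator) {
    this.manager = manager;
    this.initiator = initiator;
  }

  async intercept<T>(
    headers: Record<string, string | undefined>,
    level: AuthLevel,
    handler: () => Promise<T>,
  ): Promise<T> {
    const session = this.manager.resume(this.initiator.parseToken(headers));
    return this.manager.runWith(session, async () => {
      // The constraint is checked before the handler ever runs.
      if (level === "authenticated" && session.userId === null) {
        throw new AuthLevelError("authentication required");
      }
      return handler();
    });
  }
}

// The only surface handlers use; internals above stay unexported in a real module.
export class Identity {
  private readonly manager: SessionManager;
  constructor(manager: SessionManager) { this.manager = manager; }
  get currentUserId(): string | null { return this.manager.current().userId; }
  hasPower(power: string): boolean { return this.manager.current().powers.includes(power); }
}

// Two interleaved requests must not see each other's session; anonymous must be rejected.
export async function demo() {
  const manager = new SessionManager();
  const interceptor = new SessionInterceptor(manager, new SessionInitiator());
  const identity = new Identity(manager);

  const handler = async () => {
    await new Promise((resolve) => setTimeout(resolve, 5)); // yield so requests interleave
    return { user: identity.currentUserId, canCreate: identity.hasPower("CreateProject") };
  };

  const [alice, bob] = await Promise.all([
    interceptor.intercept({ authorization: "Bearer tok-alice" }, "authenticated", handler),
    interceptor.intercept({ authorization: "Bearer tok-bob" }, "authenticated", handler),
  ]);

  let anonymousRejected = false;
  try {
    await interceptor.intercept({}, "authenticated", handler);
  } catch (e) {
    anonymousRejected = e instanceof AuthLevelError;
  }

  const anon = await interceptor.intercept({}, "anonymous", handler);
  return { alice, bob, anonymousRejected, anon };
}
```

The point of binding the session in AsyncLocalStorage rather than on a shared service is visible in `demo()`: both handlers await a timer so their execution interleaves, yet each reads back its own user. Note also that `resume()` always returns an array for `powers`, even for the anonymous session, which is what a non-null schema field requires.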

CarsonF added 4 commits May 20, 2025 08:21
These only needed to be exported for the RootUser.
This is an edge case, so I'd rather not have these services exported.

Eventually I'd like the RootUser to go away.
github-actions bot commented May 20, 2025

🗞 GraphQL Summary

@@ -6918,9 +6918,9 @@
   """
   The impersonator if the user is logged in and impersonating someone else
   """
   impersonator: User
-  powers: [Power!]
+  powers: [Power!]!
 
   """
   Use this token in future requests in the Authorization header.
   Authorization: Bearer {token}.
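Review bot: `powers` goes from nullable `[Power!]` to non-null `[Power!]!`, so the resolver (now living in the authorization module per the description) must return an array for every session, including anonymous ones; under GraphQL null propagation a null or a thrown error here will now null out the enclosing object rather than just this field. Worth confirming the resolver yields `[]` rather than `null` when there is no logged-in user. For clients the change is additive, since a non-null field is safe to consume wherever a nullable one was expected.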

@CarsonF CarsonF force-pushed the refactor/authentication branch from e198c4c to d57c10e Compare May 20, 2025 14:58
@CarsonF CarsonF force-pushed the refactor/authentication branch from f046e7c to 48a0263 Compare May 20, 2025 16:54
@CarsonF CarsonF linked an issue May 27, 2025 that may be closed by this pull request
@bryanjnelson bryanjnelson left a comment

💪🏼

Base automatically changed from auth-level to develop May 28, 2025 13:25
@CarsonF CarsonF merged commit 3041062 into develop May 28, 2025
15 checks passed
@CarsonF CarsonF deleted the refactor/authentication branch May 28, 2025 13:25
Successfully merging this pull request may close these issues.

Auth Refactor 2025