Authentication

Types of Authentication

We support basic email/password style authentication and also OAuth with Google, GitHub and Microsoft!

Setting it up is as simple as editing the main config.json file:

{
  "environment": "production",
  "port": 2727,
  "database": "postgres://admin:***@127.0.0.1:5432/kalmia?sslmode=disable",
  "logLevel": "debug",
  "sessionSecret": "***",
  "users": [
    {
      "username": "hayzam",
      "email": "[email protected]",
      "password": "***",
      "admin": true
    },
    {
      "username": "sherif",
      "email": "[email protected]",
      "password": "***",
      "admin": true
    },
    {
      "username": "anoop",
      "email": "[email protected]",
      "password": "***",
      "admin": true
    }
  ],
  "s3": {
    "endpoint": "https://6e54fdee0563bacc61f011d23c307cbe.r2.cloudflarestorage.com",
    "region": "auto",
    "accessKeyId": "***",
    "secretAccessKey": "***",
    "bucket": "kalmia",
    "usePathStyle": true,
    "publicUrlFormat": "https://kalmia-bucket.difuse.io/%s"
  },
  "githubOAuth": {
    "clientId": "***",
    "clientSecret": "***",
    "callbackUrl": "https://docs.difuse.io/oauth/github/callback"
  }
}

The initial users are set up by adding them to the "users" block. The admin flag in this context decides whether that particular user can create other users. Also note that a non-admin user will by default have read, write and delete permissions set.

INFO
It's a good idea to not give all users the permission to delete.

The above is an example config.json file with GitHub OAuth enabled.

image.png

Once it is enabled, it will automagically show up on the login page as shown in the image above.
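Because config.json holds the database URL, the session secret, the seeded accounts and the OAuth callback in one place, it is worth auditing before deployment. The script below is an added example, not part of the project's own code; the 32-character minimum, the individual policy checks, and the assumption that other providers use a key ending in "OAuth" (like githubOAuth) are assumptions made here.

```python
import json, sys
from urllib.parse import urlparse, parse_qs

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def audit_config(cfg):
    """Return (key, finding) tuples for a parsed config.json."""
    findings = []
    prod = cfg.get("environment") == "production"
    # Debug-level logging in production is usually unintended.
    if prod and cfg.get("logLevel") == "debug":
        findings.append(("logLevel", "debug logging enabled in production"))
    # sslmode=disable turns off TLS to Postgres; tolerated here only on loopback.
    db = urlparse(cfg.get("database", ""))
    sslmode = parse_qs(db.query).get("sslmode", [""])[0]
    if sslmode == "disable" and db.hostname not in LOOPBACK:
        findings.append(("database", "sslmode=disable to a non-loopback host"))
    # Assumed policy: sessionSecret should be at least 32 characters.
    if len(cfg.get("sessionSecret", "")) < 32:
        findings.append(("sessionSecret", "shorter than 32 characters"))
    # The admin flag lets a user create other users; flag all-admin seeding.
    users = cfg.get("users", [])
    if len(users) > 1 and all(u.get("admin") for u in users):
        findings.append(("users", "every initial user is an admin"))
    # In production, the S3 endpoint and OAuth callbacks should use https.
    urls = {"s3.endpoint": cfg.get("s3", {}).get("endpoint")}
    for key, val in cfg.items():
        if key.endswith("OAuth") and isinstance(val, dict):
            urls[key + ".callbackUrl"] = val.get("callbackUrl")
    for key, url in urls.items():
        if prod and url and urlparse(url).scheme != "https":
            findings.append((key, "not served over https"))
    return findings

# Constructed sample for illustration, not a real deployment.
SAMPLE = {
    "environment": "production", "logLevel": "debug",
    "database": "postgres://admin:pw@10.0.0.5:5432/kalmia?sslmode=disable",
    "sessionSecret": "changeme",
    "users": [{"username": "a", "admin": True}, {"username": "b", "admin": True}],
    "s3": {"endpoint": "https://s3.example.com"},
    "githubOAuth": {"callbackUrl": "http://docs.example.com/oauth/github/callback"},
}

if __name__ == "__main__":
    cfg = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for key, finding in audit_config(cfg):
        print(f"{key}: {finding}")
```

Run it with the path to a config.json as the only argument; with no argument it audits the constructed sample.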

User Roles

We support very simple permissions for each user that can log in. For admins, there's a special panel on the right called "User Management".

image.png

In this panel you can see a table with all the users listed. You can click on the yellow edit icon to edit a particular user's role/permissions, among other things. We support "All", "Write/Read", "Read Only" and "Write/Read/Delete". They basically do what they say on the tin.