Hello Alex,
1. Isn't it then exactly what the demo shows? Two exe files with two different servers? I don't understand then what you want to achieve?
2. What I mean is, the browser is just like any other client. If some JS code in your browser gets access to authentication data, it can access your server, like in any REST server. Of course you can protect XData servers from unauthorized access, by adding the JWT middleware and protecting it. We don't do custom encryption, if that's what you're asking. We think it's best to rely on HTTPS for that.
3. Isn't that what Echo is for? It's a data replication system, the idea is that you work with your local database (offline) and then at some point when you have connection, you replicate (send and receive) data. I also don't understand what you are asking, exactly, since the TMS Echo demo also shows exactly that?
XClientAuth.Uri := 'http://localhost:2001/tms/api';
XClientAuth.HttpClient.OnSendingRequest :=
  procedure(Req: THttpRequest)
  begin
    if Token <> '' then
      Req.Headers.SetValue('authorization', 'Bearer ' + Token);
  end;
1. Isn't it what you have? You have two "modules" answering on addresses /tms/api and /tms/auth. Isn't it the same as "one server" at /tms that does both?
2. Yes, that's how you send the token from client. And to get the user identity you use something like this:
procedure TMyService.DoSomething;
var
  User: IUserIdentity;
begin
  User := TXDataOperationContext.Current.Request.User;
  // Here you have the IUserIdentity from the token sent by the client
end;
Thank you, I understand 1 and 2 now, but about 3:
You will not need authentication when in offline mode, because your application will not connect to the server when in offline mode. It will save data directly to the database.
My software has authentication at startup; without authentication the customer can't work.
Ok, but what is the authentication to? Your software authentication doesn't necessarily need to be the same as the server API authentication.
Based on the software authentication, the server part provides access to database operations (view, edit, delete, etc.), and in my situation it is the same. Currently, all functionality works based on mORMot services, and now I'm trying to adapt it based on database authentication.
I need to restrict adding new entities to the database:
procedure TServerModule.XDataServerEntityInserting(Sender: TObject; Args: TEntityInsertingArgs);
var
  User: IUserIdentity;
  IsAdmin: Boolean;
begin
  User := Args.Handler.Request.User;
  IsAdmin := (User <> nil) and User.Claims.Exists('admin') and User.Claims['admin'].AsBoolean;
  // How to allow inserting for Admin only here?
end;
An application that uses Echo has a different paradigm than an application that uses a "normal" XData REST Server. The code you pasted above is for a regular XData server that provides entity inserting capabilities via an endpoint (POST /customers/, for example).
I understand you now, and I think the scenario for my software will be this: customers work with the Global DB. Switching to offline mode must be manual, and during this switch a Local DB will be created (a replica of the Global DB with some restrictions).
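
For the regular XData REST server case discussed above (not the Echo replication scenario), one way to finish the admin-only insert check is to raise an HTTP exception from the inserting event. This is an added example, not code from the thread or from TMS. It assumes XData's EXDataHttpUnauthorized and EXDataHttpForbidden exception classes, that an exception raised in this event aborts the insert, and that the JWT middleware is installed on the server so Request.User is populated from the Bearer token.

```delphi
procedure TServerModule.XDataServerEntityInserting(Sender: TObject;
  Args: TEntityInsertingArgs);
var
  User: IUserIdentity;
  IsAdmin: Boolean;
begin
  // Identity taken from the token the client sent in the
  // 'authorization: Bearer ...' header. nil means no identity
  // was attached to this request.
  User := Args.Handler.Request.User;
  if User = nil then
    // Assumed XData exception class; maps to HTTP 401
    raise EXDataHttpUnauthorized.Create('User not authenticated');

  // Same claim test as in the thread: the claim must exist and be true
  IsAdmin := User.Claims.Exists('admin') and User.Claims['admin'].AsBoolean;
  if not IsAdmin then
    // Assumed XData exception class; maps to HTTP 403
    raise EXDataHttpForbidden.Create('Only admin users can insert entities');

  // No exception raised: the insert proceeds normally
end;
```

The decision is made on the server from the validated token, so a client that omits or alters the header in OnSendingRequest gets a 401 or 403 instead of a stored entity.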