I have a public site with a secured user section. I want to let people use an email address to log in (local security) OR use social logins - this looks like a good solution: https://www.forgebox.io/view/socialite.
What does my file structure look like? Normally I would have a root directory for the main site then a /secure subfolder that requires a login. I’ve been using a root application.cfc that does the following to trigger a login. What’s the best way to do all of this with MVC conventions?
```
<cfif find("/secure/", cgi.script_name) OR find("/store/checkout/", cgi.script_name)>
```
Socialite is a module for single sign on, not really what you’re looking for. Generally speaking, stop thinking in “folders”. Think instead in “handlers”. And don’t touch the cgi scope directly, instead ask the framework what event is running.
If you wanted to secure all access to a given handler, then you could create a preProcess interceptor that only fires for that handler which redirects the user to a login page if they aren’t authenticated. How you decide to track authentication is up to you.
I have another thread regarding Socialite - please look at that one and help me understand it further. I want to authenticate a user however they want, connect that auth method to local user data in my database and then present them with whatever they have access to.
Regarding folder structures, are you saying that my entire site lives under one folder structure? I would create a handler CFC for the public site full of public methods and another one for the secure section? My secure section is broken into 2 parts at the moment too - one to encapsulate all of the “settings” logic, account, user, device, space, facility, alarm settings, etc. and the “main” secure section which is where they view the device outputs. Looks like this: [image: 06.20.2019-10.21.24]
And where do I find more information on what eventPattern="^mySecurehandler." means? It would be hugely beneficial to have a section of your site that explains the differences in MVC conventions vs old school coding - “stop thinking in ‘folders’ and think ‘handlers’”
> I want to authenticate a user however they want, connect that auth method to local user data in my database and then present them with whatever they have access to.

Can I also use the eventPattern annotation to fire the preprocess interceptor when the resource is being called as a REST API vs HTML?
Yes, you can use the eventPattern annotation to restrict when the interceptor fires. ColdBox doesn’t really care whether the request is an API or HTML, the event pattern acts on the incoming event name all the same. Notice, it’s the event name, not the URL route, i.e. the route may be /main/index or /randomCustomRoute but the event name being executed is main.index and if it’s in a module, then moduleName:handler:action. Event pattern is a regular expression.
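
A sketch of the preProcess interceptor with an eventPattern annotation described in the replies above, as an added example (not code from the thread or from ColdBox itself). The interceptor name and path, the `secure` and `settings` handler names, the `main.login` event and the `session.userId` key are all assumptions, and session management is assumed to be enabled for the application.

```cfml
/**
 * interceptors/SecureGate.cfc (hypothetical name and path)
 *
 * Register it in config/ColdBox.cfc:
 *   interceptors = [ { class : "interceptors.SecureGate" } ];
 */
component extends="coldbox.system.Interceptor" {

    /**
     * eventPattern is a regular expression tested against the event name
     * (handler.action), not against the URL or route.
     *
     * - The dot is escaped so it matches only a literal "." after the
     *   handler name. An unescaped "." matches any character.
     * - The pattern is anchored with ^, so it will not match events that
     *   carry a module prefix in front of the handler name. Handlers that
     *   live in a module need their own pattern, otherwise they are left
     *   ungated.
     *
     * Assumed handler names: "secure" and "settings".
     */
    void function preProcess( event, interceptData, buffer, rc, prc ) eventPattern="^(secure|settings)\." {

        // Assumption: a successful login (local or social) stores the id of
        // the local user record in session.userId.
        if ( structKeyExists( session, "userId" ) ) {
            return;
        }

        // Remember the requested event name (not the URL) so the login
        // handler can send the user back to it afterwards.
        session.returnEvent = event.getCurrentEvent();

        // Assumed login event: main.login
        relocate( "main.login" );
    }

}
```

Because the gate keys on the event name, the same check applies whichever route reached the handler; an API handler would normally answer with a 401 status rather than a redirect.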