You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In my application, I use AdminJS as the admin panel and web application. However, we have encountered the following major issue:
When a user logs into the web application and attempts to access AdminJS's API to fetch data, the requests fail. The API only responds with the expected data after the user completes a separate login through the AdminJS login page.
Upon investigation, we found that AdminJS's default authentication provider (DefaultAuthProvider) intercepts API requests, diverting them away from directly serving the data. This prevents data access as intended from the web application.
The core issue lies in the conflict between handling shared login sessions and the integration of authentication processes across both web application and AdminJS.
Attempted Solution
We have considered the following approach:
Use Separate Sessions for Main Application and AdminJS:
In this solution, the main application handles authentication and data retrieval via a custom API (e.g., /admin/api/resources/getByUser/{userId}). Below is an example implementation:
// userController.tsimport{Request,Response}from'express';exportconstgetUserInformation=async(req: Request,res: Response)=>{try{const{ userId }=req.params;constdata={};// Build data payload based on logicreturnres.status(200).json({status: 'ok',message: '',result: data,});}catch(error){returnres.status(500).json({status: 'error',message: 'Internal server error',});}};
While this solution provides a customize API handling and login logic, it has drawbacks:
It requires completely re-implementing data access logic, missing out on AdminJS's built-in features such as role-based access control.
Desired Solution
We are seeking a more elegant approach that can:
Enable Shared Sessions for Unified Access:
Users should be able to log in through the web application and directly access AdminJS's admin panel and APIs without needing to log in again.
Retain AdminJS's RBAC Functionality:
The solution should keep AdminJS's role-based access control in place, even when using shared login sessions.
Please advice best practice. Thank you!
The text was updated successfully, but these errors were encountered:
In my application, I use AdminJS as the admin panel and web application. However, we have encountered the following major issue:
When a user logs into the web application and attempts to access AdminJS's API to fetch data, the requests fail. The API only responds with the expected data after the user completes a separate login through the AdminJS login page.
Upon investigation, we found that AdminJS's default authentication provider (
DefaultAuthProvider) intercepts API requests, diverting them away from directly serving the data. This prevents data access as intended from the web application.The core issue lies in the conflict between handling shared login sessions and the integration of authentication processes across both web application and AdminJS.
Attempted Solution
We have considered the following approach:
In this solution, the main application handles authentication and data retrieval via a custom API (e.g.,
/admin/api/resources/getByUser/{userId}). Below is an example implementation:While this solution provides a customize API handling and login logic, it has drawbacks:
Desired Solution
We are seeking a more elegant approach that can:
Enable Shared Sessions for Unified Access:
Users should be able to log in through the web application and directly access AdminJS's admin panel and APIs without needing to log in again.
Retain AdminJS's RBAC Functionality:
The solution should keep AdminJS's role-based access control in place, even when using shared login sessions.
Please advice best practice. Thank you!
The text was updated successfully, but these errors were encountered: