Brood: Bugout authentication
Project description
bugout-dev/brood
What is Brood?
Setting up user registration and login in your application can be challenging and time consuming. Doing this from scratch takes a lot of planning. Since you're working with sensitive data (emails, passwords, etc) it's important not to get it wrong.
Giving users the ability to set up groups or teams within which they can share resources adds to this challenge, and adding payments compounds it significantly.
Brood is a web service that takes care of user management, team management, and payments in your application as soon as you set it up.
It is a free and open source alternative to systems like AWS Cognito and Auth0.
Brood provides a REST API that you can use either directly from your frontend application or through your own API or serverless application. It uses a Postgres database to store data about users, teams, and payments.
Payments are currently supported through Stripe.
Brood has been battle tested in production and has been supporting millions of authentication events a month since March 2021.
Using Brood
To get started with Brood, we'll first need to create a user. This represents a user of your application.
Creating a user is as simple as POST
ing a form:
curl -X POST https://auth.bugout.dev/user \
-F "username=pepper" \
-F "email=pepper@example.com" \
-F "password=1dc23a784ed36056887ef0967e8431817a1a2d9e2b3938eef0d0c9d0227d7c14"
You can also create a user using one of our client libraries. For example, in Javascript:
import BugoutClient, { BugoutTypes } from "@bugout/bugout-js";
const bugout = new BugoutClient();
bugout
.createUser(
"pepper",
"pepper@example.com",
"1dc23a784ed36056887ef0967e8431817a1a2d9e2b3938eef0d0c9d0227d7c14",
"Pepper",
"Cat"
)
.then(console.log)
.catch((e) => {
console.error(e);
process.exit(1);
});
Each user is identified to Brood using access tokens in the authorization header of Brood requests.
The authorization header should have the form Authorization: Bearer <access_token>
.
If you are integrating Brood into your own API or serverless application, you can just pass this header through to Brood when you are working with Brood resources and it will handle permissions on your behalf with no hassles.
To generate an access token for a user, you again POST
a form:
curl -X POST https://auth.bugout.dev/token \
-F "username=pepper" \
-F "password=1dc23a784ed36056887ef0967e8431817a1a2d9e2b3938eef0d0c9d0227d7c14"
In Javascript:
import BugoutClient, { BugoutTypes } from "@bugout/bugout-js";
const bugout = new BugoutClient();
bugout
.createToken(
"pepper",
"1dc23a784ed36056887ef0967e8431817a1a2d9e2b3938eef0d0c9d0227d7c14"
)
.then(console.log)
.catch((e) => {
console.error(e);
process.exit(1);
});
CORS configuration
If you are using Brood directly from your frontend, you will need to configure the Brood server to respond to CORS requests from your users' browsers. This is actually very simple. When you start your Brood servers, simply set the following environment variable:
BROOD_CORS_ALLOWED_ORIGINS="<domain at which your site is hosted>"
For example, if your frontend lives at https://frontend.example.com
, then you would set:
BROOD_CORS_ALLOWED_ORIGINS="https://frontend.example.com"
You can pass multiple domains as a comma-separated list. If you had sites at https://frontend.example.com
and at https://other-frontend.example.com
, you would set:
BROOD_CORS_ALLOWED_ORIGINS="https://frontend.example.com,https://other-frontend.example.com"
In your development environment, you can set a localhost domain as follows:
BROOD_CORS_ALLOWED_ORIGINS="http://localhost:3000"
Client libraries
To make coding against the Brood API easier, you can use one of the client libraries:
API documentation
You can find a more detailed documentation on the API here
Running Brood
Installation and setup
To set up Brood for your development, do the following:
- Clone the git repository
- Install postgresql (https://www.postgresql.org/download/linux/ubuntu/) https://www.postgresql.org/docs/current/installation.html - maybe this too
- Install requirements
- Copy sample.env to dev.env
- Copy alembic.sample.ini to alembic.dev.ini
- Edit variable "sqlalchemy.url = <...>" into alembic.dev.ini
- Run alembic
> ./alembic.sh -c alembic.dev.ini upgrade head
- Edit in dev.env file BROOD_DB_URI and BROOD_SENDGRID_API_KEY variable. BROOD_SENDGRID_API_KEY you can get in password vault.
- Last command befor start:
> source dev.env
Start server:
Once you're ready with the installation, start the server:
> ./dev.sh
CLI
Groups
- Create new group with specified
--name
and--username
as an owner
python -m brood.cli groups create --name "bugout-group" --username "neeraj"
- Add user to group with specified
--name
asgroup_name
,--username
and--type
asmember
/owner
python -m brood.cli groups role --name "bugout-group" --username "tim" --type "member" | jq .
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for bugout_brood-0.2.0-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 5f39629756c2f7c5e6ad8470be41f0fa6a68405429b1ed3654b1477537e95077 |
|
MD5 | 0015a50d5ee26e3c93c611432cc3dea8 |
|
BLAKE2b-256 | 5e7852a5648a5f5de0a798401a1c0aee0a61d5fa9e1c364c0748a6beda8f4108 |