Created a dedicated authenticator role

EarthCubeGeochron · Sep 9, 2023 · d739f21 · d739f21
1 parent ec248d1
commit d739f21
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 2 deletions.
diff --git a/backend/sparrow/database/fixtures/07-postgrest-api.sql b/backend/sparrow/database/fixtures/07-postgrest-api.sql
@@ -1,6 +1,9 @@
 -- API-specific roles
--- CREATE ROLE IF NOT EXISTS authenticator LOGIN NOINHERIT NOCREATEDB NOCREATEROLE NOSUPERUSER;
+-- https://postgrest.org/en/stable/tutorials/tut0.html
+CREATE ROLE authenticator LOGIN NOINHERIT NOCREATEDB NOCREATEROLE NOSUPERUSER;
 
+GRANT admin TO authenticator;
+GRANT view_public TO authenticator;
 
 CREATE SCHEMA IF NOT EXISTS sparrow_api;
 

diff --git a/docker-compose.testing.yaml b/docker-compose.testing.yaml
@@ -53,7 +53,7 @@ services:
   pg_api:
     image: postgrest/postgrest:v11.2.0
     environment:
-      - PGRST_DB_URI=postgresql://postgres:@db:5432/sparrow_test
+      - PGRST_DB_URI=postgresql://authenticator:@db:5432/sparrow_test
       - PGRST_DB_SCHEMAS=sparrow_api
       - PGRST_DB_ANON_ROLE=view_public
       - PGRST_JWT_SECRET=test_secret_must_be_at_least_32_characters

diff --git a/docs/content/authentication.md b/docs/content/authentication.md
@@ -0,0 +1,5 @@
+# Authentication and Security
+
+Sparrow's authentication system is based on [PostgREST's][postgrest] JWT system.
+
+[postgrest]: https://postgrest.org/en/stable/tutorials/tut0.html