Question on authentication

[asok]

Hi,
first things first - I'm really a newbie in Elixir and Phoenix.

I wanted to use live_admin behind authentication. I've configured it and run mix phx.gen.auth Administration Admin admins.
I've setup the router like so:

  scope "/", WowWeb do
    pipe_through [:browser, :require_authenticated_admin]

    live_session :require_authenticated_admin,
      on_mount: [{WowWeb.AdminAuth, :ensure_authenticated}] do
      live "/admins/settings", AdminSettingsLive, :edit
      live "/admins/settings/confirm_email/:token", AdminSettingsLive, :confirm_email
    end

    live_admin "/admin", title: "Wow Project"  do
      admin_resource "/users", Wow.Admin.User
    end
  end

Two questions:

• is this the right way to do auth?
• if yes, how can I place the "log out" link in the live layout? phx.gen.auth generate layouts under components/layouts/ dir. But it seems that live_admin is using it's own layouts.

[tfwright]

Question 1:

LiveAdmin does not currently support any specific auth strategy but since it is just a group of routes it theoretically supports anything you can do in a router pipeline. The easiest way to quickly protect a route is to add basic auth plug, which would look something like this:

  # router.ex

  pipeline :admin do
    plug :admin_user_auth
  end

  scope "/admin" do
    pipe_through [:admin, :browser]

     live_admin "/admin", title: "Wow Project"  do
      admin_resource "/users", Wow.Admin.User
    end
  end

  # see basic auth hex docs for more advanced usage, including individual user accounts 
  defp admin_user_auth(conn, _opts) do
    username = Application.fetch_env!(:your_app, :admin_user)
    password = Application.fetch_env!(:your_app, :admin_pass)

    Plug.BasicAuth.basic_auth(conn, username: username, password: password)
  end

I am unfortunately not familiar with phx.gen.auth having never used it myself, but from your sample code it appears to rely on the on_mount option being passed. LiveAdmin actually uses live_session internally so I could explore exposing that hook so you could add that kind of auth check, but it's not currently possible.

Question 2:

Yes, LiveAdmin uses its own layout currently which is a think wrapper around the components. By overriding the relevant component, you could theoretically add a "logout" link anywhere, most likely to the nav component, which implements the sidebar. Not sure how to implement that with basic auth off the top of my head, as I've never attempted that.

[asok]

Thanks for anwsering.

Could I ask you to point me how can I "extend"/"change" the nav component?

[tfwright]

Copy the nav component source file (linked above) into your own project (and rename it), make any changes you want, and then pass it as an option like this (using nav rather than home):

live_admin/dev.exs

Line 254 in bd82703

live_admin "/posts-admin", components: [home: DemoWeb.PostsAdmin.Home] do

[asok]

Thank you.

But to be honest I've failed to set it up correctly. I guess I'm too new to the Phoenix ecosystem.

I will settle with the basic auth for now.