So I’ve been experimenting with client-only architecture, that is, I don’t have to send a request to any backend (lambda functions, cloudflare workers, etc.).

First problem I need to solve: guest-only actions.

**Login**
So Fauna offers a way to handle login.

```js
Login(
  // look up the user document by email
  Match(Index("user_by_email"), "email"),
  {
    password: "password",
    ttl: TimeAdd(Now(), 7, 'days')
  }
)
```
Now the only problem is, how do I allow the frontend to perform this operation and nothing else?
So the idea I had was to create a function called `Authenticate`:

```js
Query(
  Lambda(
    ["email", "password"],
    Login(Match(Index("unique_User_email"), Var("email")), {
      password: Var("password")
    })
  )
)
```
That would do this, then create a custom role called `Authenticate` which only has access to the `Authenticate` function, then I will generate a secret and assign it to the `Authenticate` role so that the only purpose of the secret is for login. After the login is successful, I will instantiate a new `Client` using the secret I got from the login.
So on the client, when the user clicks on the login button:

```js
const result = await client.query(
  query.Call(
    query.Function('Authenticate'),
    email,
    password,
  ),
);
```
But I can’t do this as I will get a `PermissionDenied` error. I can only call this function if I use a secret that is a `Server` or `Admin`, but I can’t do that because that would be a security breach.
If this idea works, I want to create a Role that is `GuestOnly`, and then it can only do things like forgot password, register and login.
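As an added example (not code from the original post or from Fauna itself), here is the setup the post describes written with the faunadb JS driver's query builder: the UDF given its own role, a guest role whose only privilege is calling that UDF, and a key bound to that role. The names `authenticate_runner`, `guest` and the collection `User`, and the read privileges Login is assumed to need, are my assumptions; `Authenticate` and `unique_User_email` come from the post.

```javascript
// Added example, not from the original post. Builds the setup the post describes:
// a UDF "Authenticate" that runs Login under its own role, a "guest" role whose
// only privilege is calling that UDF, and a key bound to "guest". Names other than
// Authenticate and unique_User_email are assumed for illustration.
function buildSetupQueries(q) {
  // Role the UDF executes as. Assumption: Login needs read on the matched
  // index and on the documents it returns; the post's fallback, role: 'server',
  // would also work but grants far more than login needs.
  const authRole = q.CreateRole({
    name: 'authenticate_runner',
    privileges: [
      { resource: q.Index('unique_User_email'), actions: { read: true } },
      { resource: q.Collection('User'), actions: { read: true } },
    ],
  });
  // The post's Lambda, plus a role so callers need no Login privilege of their own.
  const authFunction = q.CreateFunction({
    name: 'Authenticate',
    role: q.Role('authenticate_runner'),
    body: q.Query(q.Lambda(['email', 'password'],
      q.Login(q.Match(q.Index('unique_User_email'), q.Var('email')), {
        password: q.Var('password'),
        ttl: q.TimeAdd(q.Now(), 7, 'days'),
      }))),
  });
  // Guest role: exactly one privilege. Without call: true on the function, a
  // guest key's q.Call fails with PermissionDenied, the error the post hit.
  const guestRole = q.CreateRole({
    name: 'guest',
    privileges: [{ resource: q.Function('Authenticate'), actions: { call: true } }],
  });
  // The key that ships in the browser bundle; it can do nothing but call the UDF.
  const guestKey = q.CreateKey({ role: q.Role('guest') });
  return { authRole, authFunction, guestRole, guestKey };
}

// What the browser sends on the login click, using only the guest secret.
function loginQuery(q, email, password) {
  return q.Call(q.Function('Authenticate'), email, password);
}

// One-off setup run with an admin secret that never reaches the browser.
// Requires `npm install faunadb`; returns the guest secret to embed client-side.
async function runSetup(adminSecret) {
  const faunadb = require('faunadb');
  const admin = new faunadb.Client({ secret: adminSecret });
  const s = buildSetupQueries(faunadb.query);
  for (const expr of [s.authRole, s.authFunction, s.guestRole]) await admin.query(expr);
  return (await admin.query(s.guestKey)).secret;
}
```

The token returned by `Authenticate` is what the browser then uses to construct its second `Client`; the guest secret itself stays limited to that one call.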