Can anyone suggest a way to achieve a client-only architecture?

So I’ve been experimenting with a client-only architecture, that is, one where I don’t have to send a request to any backend (Lambda functions, Cloudflare Workers, etc.).

First problem I need to solve: guest-only actions

Login

So Fauna offers a way to handle login.

Login(
  Match(Index("user_by_email"), "email"),
  {
    password: "password",
    ttl: TimeAdd(Now(), 7, 'days')
  }
)

Now the only problem is, how do I allow the frontend to perform this operation and nothing else?

So the idea I had was to create a function called Authenticate

Query(
  Lambda(
    ["email", "password"],
    Login(Match(Index("unique_User_email"), Var("email")), {
      password: Var("password")
    })
  )
)

That would do this. Then I would create a custom role called Authenticate, which only has access to the Authenticate function, then generate a secret and assign it the Authenticate role, so that the only purpose of the secret is login. After the login is successful, I will instantiate a new Client using the secret I got from the login.

So on the client, when user clicks on login button:

const result = await client.query(
  query.Call(
    query.Function('Authenticate'),
    email,
    password,
  ),
);

But I can’t do this, as I will get a PermissionDenied error. I can only call this function if I use a secret that is Server or Admin, but I can’t do that because that would be a security breach.

If this idea works, I want to create a Role that is GuestOnly and then it can only do things like forgot password, register and login.

AHA! I got it solved.

I need to check this:

image

And I need to give the function itself an “Admin” role.
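The whole setup described in this thread, written out as FQL for the Fauna shell. This is an added example, not code from the original post: the `GuestOnly` role name follows the post's stated plan, the key's `data.name` is a constructed label, and the `ttl` is carried over from the first `Login` snippet.

```fql
// 1. UDF that wraps Login. The `role` field makes the function body run
//    with that role's privileges, independent of the key that calls it.
//    "admin" is the value the post settled on.
CreateFunction({
  name: "Authenticate",
  role: "admin",
  body: Query(
    Lambda(
      ["email", "password"],
      Login(Match(Index("unique_User_email"), Var("email")), {
        password: Var("password"),
        ttl: TimeAdd(Now(), 7, "days")
      })
    )
  )
})

// 2. Guest role whose only privilege is calling Authenticate.
//    It grants no direct access to collections or indexes.
CreateRole({
  name: "GuestOnly",
  privileges: [
    {
      resource: Function("Authenticate"),
      actions: { call: true }
    }
  ]
})

// 3. Key bound to the guest role. The `secret` field of the result is
//    the value embedded in the frontend to construct the first Client.
CreateKey({
  role: Role("GuestOnly"),
  data: { name: "public-guest-key" } // constructed label
})
```

The `GuestOnly` secret is visible to every visitor, so any function added to that role can be called by anyone and runs with the function's own role. Keep each such function's body limited to the single operation it wraps, and validate its arguments inside the Lambda.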
