Skip to content

Handle the auth stuff in a middleware like manner

This MR switches to an auth extension, so that we can authenticate the user in a middleware like manner.

This way we should easier be able to:

  • run our permission checks as the request has now a user element
  • test our code (as we can use a force_login method)
  • add another authentification mechanism later (apikeys for example)
  • use a caching layer for the token validation
Edited by Nils Brinckmann

Merge request reports