[Details]
We want Mandarine to be as straightforward as possible for back-end development. One of the main issues with back-end development is the amount of time spent building things like authentication or registration. With that said, what we want to do is the following:
Mandarine should be able to handle authentication. This means the developer will already have all the infrastructure to connect their database or array of users to Mandarine, and, based on some simple logic and overriding, Mandarine will be able to authenticate. Authentication must happen at request time: if a user is present, we will inject the user object into the context of the request. This process should be the first in the lifecycle, so that when the request reaches the middleware process, the user object has already been injected.
We want to provide the possibility of auto-creating an endpoint for login and registration. All the logic behind that will be handled by Mandarine, and the result will be a user object present in the request, or no user object at all if authentication failed.
We also want the client side to store the user information; we don't want to store the user's authentication in memory. For this, we will create three cookies (example): Id, Username, Password, signature. The signature will be the union of username and password, created by Mandarine during the first authentication request. If the username or password of the request, or the signature itself, changes, we can assume the data has been manipulated and the current user in the current request needs re-authentication. Otherwise, if the signature matches the data that was received, we assume this user is logged in and proceed to inject the data stored on the client's side (the cookies with the login information). This way, we don't have to query the database or the array of users every time there is a request.
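
The signature check described above, as an added example that is not Mandarine's own code. It assumes the signature is an HMAC-SHA256 keyed with a secret held only by the server (the proposal does not specify the construction), so a client that edits a cookie cannot recompute a matching signature. The function names, the cookie shape and the choice to sign only Id and Username are assumptions of this example.

```typescript
import { Buffer } from "node:buffer";
import { createHmac, timingSafeEqual } from "node:crypto";

// Hypothetical cookie shape for this example: Id and Username cookies plus a signature.
interface SessionCookies {
  id: string;
  username: string;
  signature: string; // hex HMAC-SHA256 over id and username
}

// Length-prefix each field so ("ab","c") and ("a","bc") never yield the same MAC input.
function macInput(id: string, username: string): string {
  return [id, username].map((f) => `${f.length}:${f}`).join("|");
}

function sign(id: string, username: string, key: Buffer): string {
  return createHmac("sha256", key).update(macInput(id, username), "utf8").digest("hex");
}

// Issued once, after the credentials were checked against the user store.
function issueCookies(id: string, username: string, key: Buffer): SessionCookies {
  return { id, username, signature: sign(id, username, key) };
}

// Runs at request time, before middleware: returns the user to inject, or null
// when the cookies were altered and the client must re-authenticate.
function authenticate(c: SessionCookies, key: Buffer): { id: string; username: string } | null {
  const expected = Buffer.from(sign(c.id, c.username, key), "hex");
  const received = Buffer.from(c.signature, "hex");
  // timingSafeEqual throws on unequal lengths, so reject those first.
  if (received.length !== expected.length || !timingSafeEqual(received, expected)) return null;
  return { id: c.id, username: c.username };
}

// Constructed sample data (the key is a demo value, not a real secret).
const KEY = Buffer.from("constructed-demo-key-not-for-production", "utf8");
const issued = issueCookies("42", "alice", KEY);
const tampered: SessionCookies = { ...issued, username: "admin" };

console.log(authenticate(issued, KEY));
console.log(authenticate(tampered, KEY));
```
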