Hi folks,
I'd like to write an app using RESTXQ and I'd like to auth users using a regular form-based authentication and then on some XQuery functions check for an existing user session (and possibly user roles). I'd also like to add some social media login using OAuth (later). My question is - is it somehow possible to do this in a declarative way? For example custom annotations on XQuery handlers? Something like %auth:roles-allowed("admin") I definetly don't want to "if" at the beginning of every function that should be protected. No problem with implementing this in Java or XQuery. Just tell me how to approach this orthogonal concern in a reasonable way... Or should I equal app users to BaseX users and leverage Basex auth?
Any tips appreciated (yes, you can even tell me BaseX RESTXQ is not a good tool for that).
Daniel
-- danielkvasnicka.net