pocketbase-auth-and-access
Total installs: 1
Weekly installs: 1
Site rank: #77760
Install command:
npx skills add https://github.com/anirudh-777/pocketbase-skills --skill pocketbase-auth-and-access
Agent install distribution:
- kilo: 1
- amp: 1
- cline: 1
- pi: 1
- opencode: 1
- cursor: 1
Skill documentation
PocketBase Auth and Access
Overview
Use this skill to implement secure auth flows and record-level access rules.
When to Use
- User auth flows (email/password, OAuth providers)
- Access rule design for list/view/create/update/delete
- Ownership and team-based access patterns
- Session/token lifecycle and secure client usage
Workflow
- Identify actor model:
  - Public user
  - Authenticated user
  - Elevated/internal actor
- Define collection rules by operation:
  - listRule, viewRule, createRule, updateRule, deleteRule
  - Enforce least privilege and explicit owner/team checks
- Map roles and claims:
  - Represent role in user or membership records
  - Evaluate role + resource ownership in rules
- Validate auth flows:
  - Sign up, sign in, refresh, sign out
  - Password reset and email verification
  - OAuth account linking behavior
- Threat checks:
  - Confirm private data cannot be listed via weak rules
  - Confirm cross-tenant access is blocked
  - Confirm server-side operations use secure service paths
- Handoff:
  - API integration with correct token handling -> pocketbase-api-and-sdk
  - Incident response for auth failures -> pocketbase-operations
References
Common Mistakes
- Using permissive list rules and relying on client filtering
- Encoding critical authorization only in frontend logic
- Forgetting to test unauthorized and cross-tenant access cases
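The weak-rule threat check in the workflow and the first common mistake can be caught before deployment by linting the rule strings themselves. The following is an added example, not part of the skill or of PocketBase: a heuristic audit over collection definitions, where the collection names, field names and the allowPublic convention are assumptions.

```javascript
// Added example, not part of the skill: static audit of PocketBase API rules.
// Rule semantics: null = superusers only, "" = anyone (no auth), else a filter.
const OPS = ["listRule", "viewRule", "createRule", "updateRule", "deleteRule"];
// Matches the bare "is logged in" test, with either quote style.
const LOGGED_IN_ONLY = /@request\.auth\.id\s*!=\s*(""|'')/g;

// Returns an issue string for one rule, or null when nothing is flagged (heuristic).
function classifyRule(rule) {
  if (rule === null || rule === undefined) return null; // locked to superusers
  if (rule.trim() === "") return "public";
  if (!rule.includes("@request.auth")) return "ignores-requester";
  // Only "logged in" remains: any account, from any tenant, passes.
  if (!rule.replace(LOGGED_IN_ONLY, "").includes("@request.auth")) {
    return "any-authenticated-user";
  }
  return null;
}

// allowPublic (assumed convention): { collectionName: [ops reviewed as public] }
function auditCollections(collections, allowPublic = {}) {
  const findings = [];
  for (const col of collections) {
    for (const op of OPS) {
      const issue = classifyRule(col[op]);
      if (!issue) continue;
      if (issue === "public" && (allowPublic[col.name] || []).includes(op)) continue;
      findings.push(`${col.name}.${op}: ${issue}`);
    }
  }
  return findings;
}

// Constructed sample in the shape of a collections export (names are hypothetical).
const sampleCollections = [
  { name: "notes", listRule: "", viewRule: "owner = @request.auth.id",
    createRule: null, updateRule: "owner = @request.auth.id", deleteRule: null },
  { name: "invoices", listRule: '@request.auth.id != ""',
    viewRule: "team.members.id ?= @request.auth.id",
    createRule: null, updateRule: 'status = "draft"', deleteRule: null },
  { name: "posts", listRule: "", viewRule: "", createRule: null,
    updateRule: null, deleteRule: null },
];

console.log(auditCollections(sampleCollections, { posts: ["listRule", "viewRule"] }));
```

A clean result only means no rule matched these three patterns; the unauthorized and cross-tenant requests still need to be exercised against a running instance.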