Feat: Allowed List of URLs for each AUTH_API_KEY #281

nelsonic opened this issue Feb 28, 2023 · 0 comments
Labels
  • chore: a tedious but necessary task often paying technical debt
  • discuss: Share your constructive thoughts on how to make progress with this issue
  • elixir: Pull requests that update Elixir code
  • enhancement: New feature or enhancement of existing functionality
  • priority-2: Second highest priority, should be worked on as soon as the Priority-1 issues are finished

Comments

@nelsonic

Each AUTH_API_KEY will have an allowed_list of URLs that are allowed to use the key.
The default will be localhost and then the person that owns the AUTH_API_KEY can add more e.g. app.dwyl.com
This will mitigate the issue of people using a key they don't own to attempt to authenticate people maliciously ...

Todo

When we re-create the api_keys table as part of #207

  • create the field: allowed_list, {:array, :string} to store an array of Strings

e.g:

mix phx.gen.schema Blog.Post blog_posts tags:array:string

Via: https://stackoverflow.com/questions/33065318/how-to-store-array-with-ecto-using-postgres |> https://hexdocs.pm/ecto/Ecto.Schema.html

nelsonic added the enhancement, chore, discuss and elixir labels Feb 28, 2023
nelsonic self-assigned this Feb 28, 2023
nelsonic moved this to 🔖 Ready for Development in dwyl app kanban Feb 28, 2023
nelsonic added the priority-2 label Feb 28, 2023
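
An added example, not part of the original issue or the auth project's code: one way the check against a key's allowed_list could work, comparing the parsed host of the requesting URL exactly against the stored strings. The module name AllowedList, the function allowed?/2 and the sample URLs are assumptions constructed for illustration.

```elixir
# Added example, not the auth project's code. AllowedList and allowed?/2 are
# hypothetical names; allowed_list stands for the {:array, :string} field
# proposed in the issue.
defmodule AllowedList do
  # Per the issue, a key permits only localhost until its owner adds more hosts.
  @default ["localhost"]
  def default, do: @default

  # True only when `url` is http(s) and its host equals an entry exactly.
  # Comparing the parsed host (never a substring of the raw URL) keeps
  # look-alike hosts, userinfo prefixes and query-string mentions from matching.
  def allowed?(allowed_list, url) when is_list(allowed_list) and is_binary(url) do
    case URI.parse(url) do
      %URI{scheme: scheme, host: host}
      when scheme in ["http", "https"] and is_binary(host) and host != "" ->
        String.downcase(host) in Enum.map(allowed_list, &String.downcase/1)

      _ ->
        false
    end
  end

  # Anything that is not a list plus a binary URL is rejected.
  def allowed?(_allowed_list, _url), do: false
end

# Constructed sample data: the owner has added app.dwyl.com to the default.
allowed_list = AllowedList.default() ++ ["app.dwyl.com"]

# Constructed URLs: matching hosts, a case variant, and hosts that merely
# contain or mention an allowed name.
urls = [
  "http://localhost:4000/auth",
  "https://app.dwyl.com/login",
  "https://APP.DWYL.COM/login",
  "https://app.dwyl.com.other.example/login",
  "https://app.dwyl.com@other.example/login",
  "https://other.example/?next=app.dwyl.com",
  "app.dwyl.com"
]

for url <- urls do
  IO.puts("#{AllowedList.allowed?(allowed_list, url)}\t#{url}")
end
```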