
Feat: Allowed List of URLs for each AUTH_API_KEY #281

@nelsonic


Each AUTH_API_KEY will have an allowed_list of URLs that are allowed to use the key.
The default will be localhost and then the person that owns the AUTH_API_KEY can add more e.g. app.dwyl.com
This will mitigate the issue of people using a key they don't own to attempt to authenticate people maliciously ...

Todo

When we re-create the api_keys table as part of #207

  • create the field: allowed_list, {:array, :string} to store an array of Strings

e.g:

mix phx.gen.schema Blog.Post blog_posts tags:array:string

Via: https://stackoverflow.com/questions/33065318/how-to-store-array-with-ecto-using-postgres |> https://hexdocs.pm/ecto/Ecto.Schema.html
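The check this issue proposes, sketched as an added example (not code from the auth project). The module name, the sample URLs and the exact-host matching rule are assumptions; the issue only specifies the `allowed_list` field and the `localhost` default.

```elixir
defmodule AllowedListExample do
  # Hypothetical stand-in for an api_keys row. With Ecto the field would be:
  #   field :allowed_list, {:array, :string}, default: ["localhost"]
  # The default follows the issue: a new key is only usable from localhost.
  defstruct allowed_list: ["localhost"]

  # True only when the host of `url` is an exact entry in the key's list.
  # Exact comparison (never prefix or substring) keeps a host such as
  # "app.dwyl.com.evil.example" from matching "app.dwyl.com".
  def allowed?(%__MODULE__{allowed_list: list}, url) when is_binary(url) do
    case URI.parse(url) do
      %URI{scheme: scheme, host: host}
      when scheme in ["http", "https"] and is_binary(host) and host != "" ->
        normalise(host) in Enum.map(list, &normalise/1)

      # No scheme, no host, or a non-web scheme: reject.
      _ ->
        false
    end
  end

  def allowed?(_key, _url), do: false

  # Hostnames are case-insensitive; a trailing dot is the same host.
  defp normalise(host) do
    host |> String.downcase() |> String.trim_trailing(".")
  end
end

# The key owner has added app.dwyl.com to the default list.
key = %AllowedListExample{allowed_list: ["localhost", "app.dwyl.com"]}

# Constructed sample URLs, not taken from the issue.
samples = [
  "http://localhost:4000/auth",            # default entry, port ignored
  "https://APP.dwyl.com/callback",         # case-insensitive match
  "https://app.dwyl.com.evil.example/",    # look-alike suffix, rejected
  "https://app.dwyl.com@evil.example/",    # userinfo trick, host is evil.example
  "app.dwyl.com/callback"                  # no scheme, so no host, rejected
]

for url <- samples do
  IO.puts("#{url} -> #{AllowedListExample.allowed?(key, url)}")
end
```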


Labels

  • chore: a tedious but necessary task often paying technical debt
  • discuss: Share your constructive thoughts on how to make progress with this issue
  • elixir: Pull requests that update Elixir code
  • enhancement: New feature or enhancement of existing functionality
  • priority-2: Second highest priority, should be worked on as soon as the Priority-1 issues are finished


Status

🔖 Ready for Development
