User Story
Given the developer is using Authula,
When they enable a plugin for use,
Then they should have the ability to disable all or specific API routes for that plugin.
Synopsis
When developers are using Library mode, all API routes that come with plugins are always exposed and activated which means any user can execute these API routes if they know them. Obviously the developer can lock it down using the Access Control plugin and other plugin capabilities but this is an extra caution the developer has to be aware of.
The solution provided here completely removes this security risk for those who are using Authula as simply just a library instead of a typical Auth solution. So now in Library mode, the developer can disable all or specific API routes for a given plugin completely removing any HTTP element that the plugin comes with.
An example is if a developer enables the Admin plugin. If they disable API routes, they could simply just use the Admin plugin via its plugin code (public interface and methods) for their own custom backend without worrying about their end-users being able to access and call any exposed API endpoints these plugins have.
User Story
Given the developer is using Authula,
When they enable a plugin for use,
Then they should have the ability to disable all or specific API routes for that plugin.
Synopsis
When developers are using Library mode, all API routes that come with plugins are always exposed and activated which means any user can execute these API routes if they know them. Obviously the developer can lock it down using the Access Control plugin and other plugin capabilities but this is an extra caution the developer has to be aware of.
The solution provided here completely removes this security risk for those who are using Authula as simply just a library instead of a typical Auth solution. So now in Library mode, the developer can disable all or specific API routes for a given plugin completely removing any HTTP element that the plugin comes with.
An example is if a developer enables the Admin plugin. If they disable API routes, they could simply just use the Admin plugin via its plugin code (public interface and methods) for their own custom backend without worrying about their end-users being able to access and call any exposed API endpoints these plugins have.