Pinning Aragon Apps

[luisivan]

• Sniff requests with Muon
• Cache the apps with ipfs-api
• Remove cached content if path not accessed for more than a week

[izqui]

I still need to test it, but I think as it is implemented currently a malicious app could make requests to localhost:8080/ipfs/[hash] and pin any content they want on the user's machine.

[luisivan]

Correct. Any workaround you can think of @izqui? I don't think this is a huge attack vector for now

[izqui]

Yep, not a huge problem but something to keep in mind. A workaround would be for Aragon Desktop to directly use aragon.js to check what apps a DAO has a pin only the content for those, or for us to keep a list of IPFS hashes that should be pinned and pin those.