This repository has been archived by the owner on Oct 11, 2020. It is now read-only.

Restrict routes by a permission system #463

Open

Fohlen opened this issue Jul 31, 2017 · 1 comment

Labels

diff:intermediate good first issue prio:SECURITY

Fohlen commented Jul 31, 2017

When we implement #197 and #459 we will also need to restrict certain routes to be accessible via the public internet

only OAuth and serverlist routes should be publicly accessible
everything else should be denied when the request does not come from localhost
ideally, route policy should be configurable through a routes-permissions.toml

The text was updated successfully, but these errors were encountered:

Fohlen added diff:intermediate good first issue labels

Author

Fohlen commented Oct 27, 2017

For instance https://www.npmjs.com/package/express-ipfilter could do this..

Fohlen mentioned this issue

Secure inexor-flex for public server hosting #507

Open

Fohlen added the prio:SECURITY label

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.