Verify Relay endpoint ownership #389
Description
Is your feature request related to a problem? Please describe.
Currently, Relays can be created with any URL destination, which is a security breach for Switcher API.
Describe the solution you'd like
Allow users to verify the destination endpoint by requiring a check resource that will respond to Switcher API given a private key.
The flow would be:
- Create Relay from Switcher Management
- Click on the request key, which will be provided by Switcher API
- Implement a GET resource that returns the given key
- On Switcher Management, click on verify
The last step will compare the keys and enable the Relay.
If the URL is changed after verification, a new key must be requested.
- map verification code and verification flag in relay documents
- expose routes to generate verification code
- expose routes to verify code
- update verification status when updating endpoint
- validate verification when triggering Relays