API authorization

@tuz666 tuz666 released this 06 Nov 16:11
181 commits to master since this release
7d2796a

Highlights:

  • every API endpoint is secured with token-based authentication:
    • GET requests are only accessible to registered users of Arcsi:
      annotated with @auth_token_required
      auth tokens are sent in the request headers by both internal (arcsi view) and external (frontend, app) callers
    • POST and DELETE requests are only usable by users with the admin role:
      annotated with @roles_required("admin")
      this covers both call paths: internal callers (the arcsi view, through forms, which should be @login_required) and external callers (e.g. Postman calls from the CI pipeline, which should be @auth_token_required)
  • package uplifts:
  • the authentication-token header added to the allowed headers in Arcsi's nginx configuration
  • Swagger documentation extended with the POST and DELETE requests
  • Postman tests uplifted
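The access rules described above (token required for GET, admin role required for POST and DELETE, with the role check accepting either a logged-in form session or a token) as an added, self-contained example. This is not Arcsi's code and does not import Flask-Security: the decorators are re-implemented with the same names so the rules can be exercised offline. The user table, tokens, `Request` type, `dispatch` helper and the `Authentication-Token` header name are assumptions made for the example (that header name is Flask-Security's default, but the release notes only say "authentication-token").

```python
"""Token- and role-gated handlers modelled on the Arcsi release notes.

Added example, not project code. Assumed: an in-memory user/token table,
a minimal Request object, and a dispatch() that maps the HTTP method to
the handler and returns only the status code.
"""
import functools
import hmac
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample accounts, not real Arcsi data.
USERS = {"alice": frozenset({"admin"}), "bob": frozenset()}
TOKENS = {"tok-alice-1": "alice", "tok-bob-2": "bob"}
TOKEN_HEADER = "Authentication-Token"  # assumed header name


@dataclass
class Request:
    method: str
    headers: dict = field(default_factory=dict)
    # set when a user has logged in through a form in the arcsi view
    session_user: Optional[str] = None


class AuthError(Exception):
    def __init__(self, status: int):
        super().__init__(status)
        self.status = status


def user_from_token(req: Request) -> Optional[str]:
    """Resolve the caller from the token header (external callers, CI)."""
    presented = req.headers.get(TOKEN_HEADER)
    if not presented:
        return None
    # Compare against every known token in constant time so a timing
    # difference cannot reveal which token prefix matched.
    for known, name in TOKENS.items():
        if hmac.compare_digest(known.encode(), presented.encode()):
            return name
    return None


def user_from_session(req: Request) -> Optional[str]:
    """Resolve the caller from a form login session (internal callers)."""
    return req.session_user if req.session_user in USERS else None


def auth_token_required(handler):
    """GET rule: any registered user, identified by token only."""
    @functools.wraps(handler)
    def wrapper(req: Request):
        user = user_from_token(req)
        if user is None:
            raise AuthError(401)
        return handler(req, user)
    return wrapper


def roles_required(*roles):
    """POST/DELETE rule: session or token caller, and every role present."""
    needed = frozenset(roles)

    def decorator(handler):
        @functools.wraps(handler)
        def wrapper(req: Request):
            user = user_from_session(req) or user_from_token(req)
            if user is None:
                raise AuthError(401)  # nobody identified
            if not needed <= USERS[user]:
                raise AuthError(403)  # identified, but not an admin
            return handler(req, user)
        return wrapper
    return decorator


@auth_token_required
def list_items(req: Request, user: str):
    return 200, f"items visible to {user}"


@roles_required("admin")
def create_item(req: Request, user: str):
    return 201, f"created by {user}"


@roles_required("admin")
def delete_item(req: Request, user: str):
    return 204, ""


ROUTES = {"GET": list_items, "POST": create_item, "DELETE": delete_item}


def dispatch(req: Request) -> int:
    """Route by method and collapse the outcome to an HTTP status code."""
    handler = ROUTES.get(req.method)
    if handler is None:
        return 405
    try:
        status, _body = handler(req)
        return status
    except AuthError as err:
        return err.status


if __name__ == "__main__":
    print(dispatch(Request("GET", {TOKEN_HEADER: "tok-bob-2"})))      # 200
    print(dispatch(Request("POST", {TOKEN_HEADER: "tok-bob-2"})))     # 403
    print(dispatch(Request("DELETE", session_user="alice")))          # 204
```

Two checks worth keeping when porting this to a real Flask-Security setup: a session-only caller must still be rejected on GET (the notes say GET is token-only, so the frontend has to send the header even for logged-in users), and an unknown or slightly wrong token must fall through to 401 rather than matching a prefix, which is why the comparison loop uses `hmac.compare_digest` against each stored token.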

Thanks @gammaw @molnar-a @pvj @baxgas @tuz666 for this long awaited release ;)