feature: limit and protect some endpoints #89

@lucasmenendez

Right now, all the API endpoints are public and have no usage restrictions. Some of the endpoints are expensive in terms of computation or database queries and should be restricted. We also need some new endpoints to perform administration actions, which should also be protected.

The httprouter package allows creating four types of endpoints based on the protection level:

  • Public: With no restrictions.
  • Private: Restricted for a closed list of tokens without rate-limit.
  • Quota: Restricted for a closed list of tokens with rate-limit.
  • Admin: Restricted for a single admin token.

Current endpoints to restrict:

  • POST /tokens (private)
  • POST /strategies (quota)
  • POST /censuses (quota)

New restricted endpoints:

  • DELETE /tokens (admin)

Labels: enhancement (New feature or request), frozen (This issue is currently being held up by external motivations and so on.)
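
The four protection levels and the endpoint mapping from the issue, sketched as a stand-alone Go check. This is an added example, not the project's code and not the httprouter package's API. The `Guard` type, its `Authorize` method, the token values and the fixed per-token counter shared by all quota routes are assumptions made for illustration.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net/http"
	"sync"
)

// levels is the mapping the issue proposes; unlisted routes stay public.
var levels = map[string]string{"POST /tokens": "private", "POST /strategies": "quota",
	"POST /censuses": "quota", "DELETE /tokens": "admin"}

type Guard struct { // hypothetical checker, not the project's type
	mu    sync.Mutex
	admin string         // the single admin token
	used  map[string]int // allowed token -> quota requests consumed
	limit int            // max quota requests per token (no time window here)
}

// Authorize (hypothetical) returns the HTTP status for route and token.
func (g *Guard) Authorize(route, token string) int {
	switch levels[route] {
	case "":
		return http.StatusOK
	case "admin": // constant-time compare; an unset admin token denies everyone
		if g.admin == "" || subtle.ConstantTimeCompare([]byte(token), []byte(g.admin)) != 1 {
			return http.StatusUnauthorized
		}
		return http.StatusOK
	}
	g.mu.Lock()
	defer g.mu.Unlock()
	n, known := g.used[token]
	if !known { // private and quota: token must be on the closed list
		return http.StatusUnauthorized
	}
	if levels[route] == "quota" {
		if n >= g.limit {
			return http.StatusTooManyRequests
		}
		g.used[token] = n + 1
	}
	return http.StatusOK
}

func main() { // token values below are constructed for the demo
	g := &Guard{admin: "constructed-admin", used: map[string]int{"constructed-tok": 0}, limit: 2}
	fmt.Println(g.Authorize("POST /strategies", "constructed-tok"))
}
```

Rejected requests do not consume quota, and the admin token is deliberately not accepted on private or quota routes unless it is also on the token list.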