Authorization #7

@clxxiii

To allow access of the API to people other than our bot and web services (and to restrict the public from accessing sensitive endpoints), we need some form of authorization. For the ease of use in spreadsheets, we are going to use an API key system:
For both the REST and WS access points, the API key issued to a user will be passed as a parameter to log in.

  • Make an APIKey model that has id, token, user_id, disabled, and admin fields
    • The id field is just an autoincrementing number
    • The token field is the JWT token used to poll the API
    • The disabled property is a boolean that will disable permissions for all requests (in case of abuse)
    • The admin property will give a token full permission for anything in the API (to be used only for the bot and web services)
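
An added example, not part of the issue or the project's code: the APIKey model above as a SQLite table, with an authorization check for a key passed as a URL parameter. The table name, the `key` parameter name, the `/admin/keys` endpoint and the sample tokens are assumptions; the token is treated as an opaque string, so JWT signature verification is not shown.

```python
import sqlite3
from urllib.parse import urlsplit, parse_qs

# Columns follow the issue's APIKey model; table name and SQL types are assumptions.
SCHEMA = """
CREATE TABLE api_key (
    id       INTEGER PRIMARY KEY AUTOINCREMENT,
    token    TEXT    NOT NULL UNIQUE,
    user_id  INTEGER NOT NULL,
    disabled INTEGER NOT NULL DEFAULT 0,
    admin    INTEGER NOT NULL DEFAULT 0
);
"""
ADMIN_ONLY = {"/admin/keys"}  # hypothetical sensitive endpoint


def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db


def issue_key(db, token, user_id, admin=False):
    cur = db.execute(
        "INSERT INTO api_key (token, user_id, admin) VALUES (?, ?, ?)",
        (token, user_id, int(admin)),
    )
    return cur.lastrowid  # the autoincremented id


def authorize(db, url):
    """Return (allowed, reason) for a REST or WS URL carrying ?key=<token>."""
    parts = urlsplit(url)
    token = parse_qs(parts.query).get("key", [""])[0]  # "key" is an assumed name
    if not token:
        return False, "missing key"
    row = db.execute(
        "SELECT disabled, admin FROM api_key WHERE token = ?", (token,)
    ).fetchone()
    if row is None:
        return False, "unknown key"
    disabled, admin = row
    if disabled:  # checked first: a disabled key is refused even if admin
        return False, "key disabled"
    if parts.path in ADMIN_ONLY and not admin:
        return False, "admin key required"
    return True, "ok"


if __name__ == "__main__":
    db = open_db()
    issue_key(db, "constructed-user-token", user_id=1)  # constructed sample token
    print(authorize(db, "https://api.example/scores?key=constructed-user-token"))
```

A key carried in the URL ends up in server access logs and proxy logs, so those logs need the same protection as the key table.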
