Protoqol / Prequel

Prequel for Laravel. Clear and concise database management. Unfortunately, not actively maintained due to time constraints.

Home Page: https://packagist.org/packages/protoqol/prequel

[FEATURE REQUEST] Custom Middleware for routes

jacobshenning opened this issue · comments

Is your feature request related to a problem? Please describe.
I'm using this database tool to assist in debugging user data on local and production servers. I need developers to be able to securely visit this page in all environments.

Describe the solution you'd like
I'm hoping that we can add a new value to the config file which is called "middleware." This value will be set to an array of additional middleware I want added to the Prequel routes.

Describe alternatives you've considered
Alternatives could be a list of approved emails I can list into the config and only users by this email are permitted to see the Prequel routes and views.

Additional context
In order for this tool to be used in any sort of production context we'll need to have some sort of authentication.

Good suggestion! Will certainly include this in the next release!

Will be released soon! Thanks again.

@QuintenJustus Can you please clarify this common advice of packages advising against use in production for reasons of security.

While this is understandable for some packages (e.g. Laravel Telescope warns against drastically slowing down performance), others like Prequel obviously are behind routes which can be put behind a logically secured Middleware.

So why still advise against use in production for security reasons if the above is true?

@QuintenJustus Can you please clarify this common advice of packages advising against use in production for reasons of security.

While this is understandable for some packages (e.g. Laravel Telescope warns against drastically slowing down performance), others like Prequel obviously are behind routes which can be put behind a logically secured Middleware.

So why still advise against use in production for security reasons if the above is true?
- @damms005

It's more the best practice when securing your application. Like you said, logically it's safe behind middleware and there's no performance loss.

However, if you find yourself in need of a direct database browser on a live database, you should reconsider how your application is built up. Unless you're debugging an issue only found on your live database you should not have an opening to the database that is accessible via a web browser, and even then I would advise you to use something else like MySQL Workbench, Sequel Pro etc.

Obviously it's all up to you, Prequel's security is solid and will not be easily accessible for other people - if configured correctly.

Hope this has answered your question.
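
One way to combine the two ideas from this thread (a middleware list for the Prequel routes and an allow-list of approved emails), as an added example that is not code from Prequel or from any participant here. The class name `RestrictPrequelAccess`, the config key `prequel_access.allowed_emails` and the `middleware` entry in the trailing comment are assumptions; check the package's published config for the real key.

```php
<?php
// app/Http/Middleware/RestrictPrequelAccess.php (hypothetical class name)

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Log;

class RestrictPrequelAccess
{
    public function handle(Request $request, Closure $next)
    {
        // Assumed config key holding the approved e-mail addresses.
        // An empty or missing list denies everyone (fail closed).
        $allowed = array_map(
            'strtolower',
            (array) config('prequel_access.allowed_emails', [])
        );

        $user  = $request->user();
        $email = $user !== null ? strtolower((string) $user->email) : null;

        if ($email === null || ! in_array($email, $allowed, true)) {
            // Record the denied attempt so it can be reviewed later.
            Log::warning('Database browser access denied', [
                'user_id' => $user !== null ? $user->getAuthIdentifier() : null,
                'ip'      => $request->ip(),
                'path'    => $request->path(),
            ]);

            // 404 rather than 403: do not confirm that the tool is installed.
            abort(404);
        }

        return $next($request);
    }
}

// config/prequel.php, assuming the 'middleware' array requested in this issue:
//     'middleware' => ['web', 'auth', \App\Http\Middleware\RestrictPrequelAccess::class],
//
// config/prequel_access.php (constructed sample values):
//     return ['allowed_emails' => ['dev1@example.com', 'dev2@example.com']];
```

The `auth` middleware must run before this one so that `$request->user()` is populated; without it every request is rejected.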