[FEATURE] Authentication for endpoints
proapi opened this issue
Is your feature request related to a problem? Please describe.
Right now we allow public access to endpoints in PULSE. If we would like to set up this service somewhere on the server, everyone would be able to make requests, which from a security point of view shouldn't be allowed.
Describe the solution you'd like
There should be two ways to authenticate in PULSE:
1. A good solution would be a simple Bearer token.
The app should have an ENV added which is “token” to connect to it. That’s the first bearer token. The app checks every request to see if it contains Authorization: Bearer "token" and either returns 401 or responds as before.
We should also add an endpoint which adds tokens to a live instance.
POST /api/access
Which adds a random access token to a database table and memory.
There should also be a possibility to revoke the access token, so another endpoint is needed:
DELETE /api/access
Both endpoints to create and delete access tokens should be already secured by the bearer token from the first point.
Checking the token should be done first against the one in the env variable, then against the others in the database. The one in env is more important.
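A sketch of the check order and the two token endpoints described in this request, as an added example that is not code from PULSE or from the issue author. The class and method names, storing only SHA-256 digests of issued tokens, passing the token to revoke in the DELETE body, and answering 403 when an issued token calls /api/access are all assumptions of this example.

```python
import hashlib
import hmac
import secrets


def _digest(token: str) -> str:
    # Only digests of issued tokens are kept, so a leaked table holds no usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()


class AccessControl:  # hypothetical name, not a PULSE type
    def __init__(self, env_token: str):
        if not env_token:
            raise ValueError("refusing to start with an empty env token")
        self.env_token = env_token
        self.issued = set()  # stands in for the database table and its in-memory copy

    def _bearer(self, headers: dict):
        scheme, _, value = headers.get("Authorization", "").partition(" ")
        value = value.strip()
        return value if scheme.lower() == "bearer" and value else None

    def role(self, headers: dict):
        """Return 'env', 'issued' or None; the env token is checked first."""
        token = self._bearer(headers)
        if token is None:
            return None
        # Constant-time comparison so response timing does not leak the env token.
        if hmac.compare_digest(token.encode(), self.env_token.encode()):
            return "env"
        return "issued" if _digest(token) in self.issued else None

    def handle(self, method: str, path: str, headers: dict, body: str = ""):
        role = self.role(headers)
        if role is None:
            return 401, ""
        if path == "/api/access":
            if role != "env":  # token management is reserved for the env token
                return 403, ""
            if method == "POST":
                token = secrets.token_urlsafe(32)
                self.issued.add(_digest(token))
                return 201, token  # returned once; only the digest is stored
            if method == "DELETE":  # assumption: body carries the token to revoke
                self.issued.discard(_digest(body))
                return 204, ""
            return 405, ""
        return 200, "ok"  # any other endpoint responds as before
```
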