hopfenspace / MateBot

Micro service providing an API for MateBot clients

Add Access Control to the API server

CrsiX opened this issue · comments

commented

Currently, the API server does not provide any security model or authentication controls. Any client that's able to connect to the API server gains full control over it. Of course, this is not usable in a production environment. Therefore, some means of bullet-proof access control should be added to the API server.

FastAPI does provide a way to check for e.g. HTTP Basic Auth, which could be enough for the project. It does, however, also provide the full set of security options, which could be used, too.

commented

This has already been implemented and merged into the dev branch. See the old feature-auth branch.