meilisearch / mini-dashboard

mini-dashboard for Meilisearch

Home Page: https://edge-preview-meili.vercel.app

Display a warning/message if the api_key url parameter is found

davelarkan opened this issue · comments

Since #416 has been merged, it is now possible to pass an API key in the URL to bypass the requirement to manually paste an API key in the interface when first opening the mini dashboard.

This is a really nice user improvement but it has the potential to be a security risk.

The API key could be used to modify the indexes/documents and so users should be warned not to share the URL containing the API key with any users they don't trust.

One potential solution could be to display a warning to users on the mini dashboard if an api_key URL parameter is found.

Hey @davelarkan!

Thanks for the feedback. Definitely a good idea :)

@bidoubiwa I would like to work on this one.

That would be awesome 🔥 You are definitely more than welcome to open a PR for this!

We prefer not assigning people to our issues because sometimes people ask to be assigned and never come back, which discourages the real volunteer contributors from opening a PR to fix this issue.

@bidoubiwa do you guys want a warning toast for this or a warning icon?
In case of toasts:
I am thinking of using react-hot-toast.

In case of icon:
How do you want to see the warning (on hover, or on click a modal should appear), like it is happening for the help button right now, right beside the api key btn?

Hey @vaibhav135
I thought about a notification, the issue is that it would be on top of the mini-dashboard and would require the user to close it to be able to have a clean experience with the mini-dashboard.

What do you think about a banner? For the design, feel free to suggest a basic one, even if it is not the most beautiful one, we will improve it together later.

For the banner, you can take inspiration from this code: #442

I'm not sure about having the possibility to close the banner as we want the user to continue being aware of the presence of the api_key.

@curquiza What do you think about this? Should I add an exclamation btn beside the help button to toggle the banner visibility?

api_key_banner_720p.mov

Hey @vaibhav135, this looks very promising! What do you think, @gmourier and @davelarkan?

@bidoubiwa let me know if I'm wrong, but it looks like the suggestion of @vaibhav135 already meets @davelarkan's expectations described in the issue. Let's go with it, and feel free to adapt the warning message if you think it should be improved.
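
The check proposed in the issue, as an added example that is not the mini-dashboard's own code: it assumes `api_key` is read from the query string, and the function name, banner text and sample URLs are constructed for illustration. It goes slightly beyond the thread by also returning a copy of the URL with the key removed, which is the form that is safe to share.

```javascript
// Added example: every name except the `api_key` parameter is hypothetical.
const API_KEY_PARAM = 'api_key'

// Inspect a dashboard URL and decide whether the warning banner must be shown.
// Returns the banner text and a copy of the URL with the key stripped.
function inspectDashboardUrl(href) {
  const url = new URL(href)
  // getAll covers a parameter that is repeated in the query string.
  const values = url.searchParams.getAll(API_KEY_PARAM)
  // An empty `api_key=` carries no secret, so it does not trigger the banner.
  const hasApiKey = values.some((v) => v.trim() !== '')

  // Shareable form: same origin, path, other parameters and fragment,
  // with every occurrence of api_key removed.
  const shareable = new URL(url.href)
  shareable.searchParams.delete(API_KEY_PARAM)

  return {
    hasApiKey,
    warning: hasApiKey
      ? 'This URL contains an API key. Anyone you share it with can use that key.'
      : null,
    shareableUrl: shareable.href,
  }
}

// Constructed sample URLs (local host, made-up key values).
const samples = [
  'http://localhost:7700/?api_key=constructedKey123&q=batman',
  'http://localhost:7700/?q=batman',
  'http://localhost:7700/?api_key=a&api_key=b#results',
  'http://localhost:7700/?api_key=',
]
for (const s of samples) {
  const r = inspectDashboardUrl(s)
  console.log(r.hasApiKey ? 'WARN' : 'ok  ', r.shareableUrl)
}
```

A banner component would render `warning` whenever `hasApiKey` is true, and a "copy link" action would use `shareableUrl` instead of the address bar contents.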