Implement security #1

Closed
opened 2021-11-19 16:49:27 +00:00 by brajkovic · 0 comments
Owner

Description

There should be support for multiple ways of securing resource manager upload and copy functionality. There should also be a way to secure presign and get endpoints, but this should be separated from upload.

Security methods

Security type is defined in profile

Currently there is a goal to support at least two types

Basic auth - requests should come with user:pass in the Authentication header. These credentials should be loaded from the BASIC_AUTH_CREDENTIALS environment variable.

API keys - requests come with `Authorization: Api {api_key}`. These credentials should be loaded from the API_CREDENTIALS list of keys separated by `,`

Presigning

When using AWS S3 for downloading, presigning is already handled by S3 itself. To add support for this on local storage, this should be implemented with a JWT token.

Token should contain:

  • path to file
  • expiration

This should be appended to the get endpoint as a `token={jwt_token}` query param.

brajkovic self-assigned this 2021-11-19 17:56:57 +00:00
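
The local-storage presigning described in the issue, as an added sketch that is not part of the issue or of the resource_manager code. It assumes an HS256-signed JWT, the claim names `path` and `exp`, a constructed demo secret, and hypothetical function names `presign` and `verify`.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # assumption: real key comes from configuration

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64url(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input):
    mac = hmac.new(SECRET, signing_input.encode(), hashlib.sha256)
    return b64url(mac.digest())

def presign(path, ttl_seconds, now=None):
    """Build the 'token={jwt_token}' query param for one file path."""
    now = int(time.time()) if now is None else now
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = b64url(json.dumps({"path": path, "exp": now + ttl_seconds}).encode())
    signing_input = f"{header}.{claims}"
    return f"token={signing_input}.{sign(signing_input)}"

def verify(token, requested_path, now=None):
    """True only if the token is authentic, unexpired and bound to this path."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, claims_b64, signature = token.split(".")
        header = json.loads(unb64url(header_b64))
        # Pin the algorithm: never let the token choose it (e.g. "none").
        if header.get("alg") != "HS256":
            return False
        # Check the signature in constant time before reading any claim.
        expected = sign(f"{header_b64}.{claims_b64}")
        if not hmac.compare_digest(signature, expected):
            return False
        claims = json.loads(unb64url(claims_b64))
        # The token is valid for exactly one path and only until exp.
        return claims["path"] == requested_path and now < claims["exp"]
    except (ValueError, KeyError, TypeError, AttributeError):
        return False  # malformed tokens are rejected, never raised
```

The get endpoint would compare the `path` claim against the path it is about to serve, so a token issued for one file cannot be replayed against another.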
Reference: brajkovic/resource_manager#1