Expected Behavior
It should be in the middleware of express that it checks that the Google Login is valid so that all our api routes including falcor commands are secured.
Current Behavior
Right now anyone could send a postman request to our falcor endpoint and modify our database, the code is even open source so it'd actually be really really easy. I could probably figure out how to delete basically everything in our database using curl on my shell in an hour... Not good
Possible Solution
Add authentication middleware! Think we might be able to use Google Auth docs to write a custom middleware, but this may also be a use case for http://www.passportjs.org/, seriously consider whether that is overkill when doing this issue though
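One way the custom middleware proposed in this issue could look, as an added example that is not part of the original issue or the project's code. The names `requireGoogleLogin`, `verifyIdToken`, `allowedEmails` and the `/api` mount path are hypothetical, the token verifier is injected so the block runs without Express or google-auth-library installed, and the email allowlist goes beyond what the issue asks for.

```javascript
// Added example: all names below are hypothetical, not the project's own.
//
// `verifyIdToken(token)` must resolve to the token's claims or reject.
// In production it could wrap google-auth-library, for example:
//   const client = new OAuth2Client(CLIENT_ID);
//   const verifyIdToken = async (idToken) =>
//     (await client.verifyIdToken({ idToken, audience: CLIENT_ID })).getPayload();
function requireGoogleLogin({ verifyIdToken, allowedEmails }) {
  const allowed = new Set(allowedEmails.map((e) => e.toLowerCase()));

  return async function (req, res, next) {
    const header = (req.headers && req.headers.authorization) || '';
    const match = /^Bearer ([A-Za-z0-9._-]+)$/.exec(header);
    if (!match) return deny(res, 401, 'missing or malformed bearer token');

    let claims;
    try {
      claims = await verifyIdToken(match[1]);
    } catch (err) {
      // Bad signature, expired token or wrong audience: fail closed.
      return deny(res, 401, 'invalid token');
    }

    // A valid Google login alone is not authorization, so only verified
    // addresses on the allowlist may reach the routes behind this middleware.
    const verified = claims && claims.email_verified === true;
    const email =
      verified && typeof claims.email === 'string' ? claims.email.toLowerCase() : null;
    if (!email || !allowed.has(email)) return deny(res, 403, 'account not permitted');

    req.user = { sub: claims.sub, email };
    return next();
  };
}

function deny(res, status, message) {
  res.status(status).json({ error: message });
}

// Wiring (assumed mount path): register before every API route so the
// Falcor endpoint is covered as well.
//   app.use('/api', requireGoogleLogin({ verifyIdToken, allowedEmails }));
```

Because the middleware returns before calling `next()` on every failure path, a request without a verifiable token never reaches the Falcor router.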