-
Notifications
You must be signed in to change notification settings - Fork 172
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[feature] any plan for implementation: authentication layer #284
Comments
I am not actively working on auth right now, but I am very open to pull requests. What kind of auth do you need? You might be able to get it done with a simple nginx reverse proxy too. |
Hi QP Hou, unfortunately I'm too new to Rust as I could make a good implementation starting from the beginning. What I'd looking for: basic authentication (like password.db in Trino) to restrict the access to the system for the first step. I could help by documenting the requirement or by testing the functionality or by creating the documentation. What do you mean? |
Got it, if all you need is basic auth, you could stand up a reverse proxy using nginx as a shorterm workaround, see: https://serverfault.com/questions/230749/how-to-use-nginx-to-proxy-to-a-host-requiring-authentication |
But I'd need it for all interfaces. Which means this should work for JDBC/ODBC as well. And that's not possible via nginx as faar as I know? |
that's correct, for JDBC, nginx based auth won't work. |
Hey @houqp, I want to work on this. routes: please let me know if this approach is ok. |
@elliot14A i recommend starting with something simple that allows users to specify the secret keys in the yaml config. Since roapi doesn't persist any data in data stores, runtime dynamic key registration won't work well because we will lose all the keys on restart/redeploy. |
@houqp, I was going the implementation of meilisearch https://github.com/meilisearch/meilisearch/tree/main/meilisearch-auth . Should we implement something similar? |
@elliot14A you can give it a try, but keep in mind that we don't have ways to persist the dynamically generated key, so it's better to start with supporting static keys |
For me the authentication layer is the missing feature to use ROAPI in my project(s).
Is there any plan for the implementation? Is there anything I could do?
The text was updated successfully, but these errors were encountered: