strapi-plugin-meilisearch icon indicating copy to clipboard operation
strapi-plugin-meilisearch copied to clipboard

Published 20 hours ago verified publisher icon meilisearch

Restrict meilisearch to authenticated users

Open mbellogularte opened this issue 2 years ago • 3 comments

Currently, anyone who is in possession of a public key can query my database. How can I restrict this to authenticated users? Is there an easy way to link the "Authenticated" role i.e.?

mbellogularte avatar Feb 05 '23 15:02 mbellogularte

Hey @mbellogularte, when you say quering your database, do you mean a query on a strapi route, for example:

POST https://mystrapi.com/meilisearch/content-types

or do you mean on Meilisearch itself:

POST https://my-meili-instance/indexes/restaurant/documents ?

bidoubiwa avatar Feb 07 '23 11:02 bidoubiwa

Hey. No actually you can create a new route in strapi to query your meilisearch database and send the result

Kazdan1994 avatar Mar 13 '23 14:03 Kazdan1994

Currently, anyone who is in possession of a public key can query my database

So you mean a Meilisearch public key? The public key gives read rights on the /search route of every index. You can create keys in Meilisearch with specific rights that can for example limit which index you can query to.

See documentation

bidoubiwa avatar Mar 14 '23 12:03 bidoubiwa