apilogger icon indicating copy to clipboard operation
apilogger copied to clipboard

Published 20 hours ago verified publisher icon aungwinthant

Allow `apilogs` to be Protected by a Guard

Open lloy0076 opened this issue 4 years ago • 4 comments

It seems at the moment that any user can see the logs (in /apilogs); obviously this could be a security issue.

It could be optional to protect that route(s) with a guard (which could be configurable).

lloy0076 avatar Sep 30 '19 14:09 lloy0076

I am thinking about it too. I'll handle this one.

aungwinthant avatar Sep 30 '19 15:09 aungwinthant

This is a must. Else detailed info, and info valuable with regards to marketing (e.g number of requests or day) is visible to public.

I was thinking the requesting user id should also be logged, in which case the apilogger view definitely needs to be guarded.

(Look at how larecipe guards and defined it's routes. Not that hard)

mtveerman avatar Sep 30 '19 18:09 mtveerman

Thanks I will definitely look into it.

aungwinthant avatar Oct 01 '19 03:10 aungwinthant

Added in #42

dansleboby avatar Mar 23 '22 05:03 dansleboby