VRMS icon indicating copy to clipboard operation
VRMS copied to clipboard
verified publisher icon hackforla

Investigate and Block Zoom Links from VRMS API

Open JackHaeg opened this issue 1 year ago • 7 comments

Overview

Per stakeholder (Bonnie) - the VRMS API that is used by the HfLA website appears to be publishing Zoom links for each event stored on VRMS. For security reasons, it is recommended that these Zoom links are either blocked from being published or hidden from the public API.

Action Items

  • [ ] Review the VRMS data that the HfLA website is pulling from: vrms_data.json and check for Zoom links (look for videoConferenceLink)
  • [ ] Based on findings, investigate how to block Zoom links from being published on the VRMS API. Zoom links should still remain viewable within the VRMS app.
  • [ ] Block Zoom links from being published on VRMS API.
  • [ ] Submit PR.

Resources/Instructions

  • https://github.com/hackforla/website/blob/gh-pages/_data/external/vrms_data.json

JackHaeg avatar Jun 04 '24 01:06 JackHaeg

@JackHaeg @Spiteless

I could either setup permissions on the DB, or make another route for either us or them and on the route i can leave off the zoom links with a .select("-meetinglink").

Not sure how far-future-facing we should go on this

bkmorgan3 avatar Jun 13 '24 23:06 bkmorgan3

As discussed during Monday's all team meeting, decision = make a new route.

JackHaeg avatar Jun 18 '24 05:06 JackHaeg

@bkmorgan3 Please provide update:

  1. Progress: "What is the current status of your project? What have you completed and what is left to do?"
  2. Blockers: "Difficulties or errors encountered."
  3. Availability: "How much time will you have this week to work on this issue?"
  4. ETA: "When do you expect this issue to be completed?"
  5. Pictures or links* (if necessary): "Add any pictures or links that will help illustrate what you are working on."

JackHaeg avatar Aug 13 '24 01:08 JackHaeg

@JackHaeg
I have most of the work done, I took out the meeting links from the current events call and created a new route. I just have to assign the new route to what we are using. I'll try to get a PR in today

bkmorgan3 avatar Aug 13 '24 16:08 bkmorgan3

@bkmorgan3 That's great news! Thanks a ton for the update, Brad 👍

JackHaeg avatar Aug 15 '24 20:08 JackHaeg

@bkmorgan3 When you have a moment, can you please provide an update:

  1. Progress: "What is the current status of your project? What have you completed and what is left to do?"
  2. Blockers: "Difficulties or errors encountered."
  3. Availability: "How much time will you have this week to work on this issue?"
  4. ETA: "When do you expect this issue to be completed?"
  5. Pictures or links* (if necessary): "Add any pictures or links that will help illustrate what you are working on."

JackHaeg avatar Oct 01 '24 01:10 JackHaeg

@JackHaeg Sorry, didn't link the issue in the PR. This is done and approved but not merged.

bkmorgan3 avatar Oct 01 '24 02:10 bkmorgan3