Open yurii-github opened 5 years ago
yeah this also adds a security risk! b/c routes are public.... and download of logs is possible without any auth!
@mstaack routes are under nova middleware, what risks are you talking about?
i did a quick test and it seemed like downloading files is possible without nova login
ok just did this again, sry for the misleading info. seems to work once canDownload() is used on the tool
Yeah you should not use true, you should check the user permission.
I'll modify the README file to prevent confusion
Yeah makes sense! Thanks for the readme updates.
you do not check if current app is nova or not, you always register routes like nova-vendor/KABBOUCHI/logs-tool/log
you must use checks like nova:serving() etc
regards