search

Ribbit-Network / ribbit-network-dashboard

The web dashboard for the world's largest crowdsourced network of open-source, low-cost, CO2 Gas Detection Sensors.
MIT License
17 stars 16 forks source link

Hide Database Access Key from Front End #97

Closed keenanjohnson closed 1 year ago

keenanjohnson commented 2 years ago

The current Ribbit Network dashboard exposes the Database Access Key as part of the Front End.

Although this is a read-only key, it's probably not ideal to expose it given the risk that someone could DOS the Ribbit Network database or something else nefarious.

It's been proposed in #95 that the way to solve this is to abstract the key from the Front End is by placing it inside of an API like a serverless function or the GO API previously started.

This issue is to come to an agreement on the path foward.

grayjones commented 1 year ago

Is this still an issue? It looks like the front-end is making a request to the backend flask app for data. The backend has access to the token via an environment variable. It uses the token to access influxdb and returns the data to the front-end. The front-end does not have access or use the token.

Can we close this?

keenanjohnson commented 1 year ago

I think you are correct @grayjones ! Closed!