Currently the control page can be seen and manipulated by everyone, as long as the URL is known. Changes on the control page are not logged and during scrims and/or tournaments an unknown third person could change teams and scores and nothing could be done against it.
Nothing happened yet - but with implementing a login for the control page we close that issue before it occurs. Having a secure site is common practice and necessary to implement other features dealing with - for example - Twitch API calls.
Proposed Feature
Create a Discord Application for OAuth2 auth
Configure OAuth2 Redirect URL
Generate OAuth2 URL
Implement OAuth2 Callback
Create and connect a database to the backend
Exchange Code for Access Token from database in the backend
Use Access token for API request
Store user session
Implement Login Page
Implement Logout
Secure control page behind the login, all other sites (view only sites) can be accessed without login
To gain access the Discord User has to be in the Arena 51 Gaming Discord and needs to have either a Producer or Manager role. Otherwise they will get a message to contact someone from staff if they think they should have access to the control page.
GeneralHuber
commented
1 year ago
Description
Currently the control page can be seen and manipulated by everyone, as long as the URL is known. Changes on the control page are not logged and during scrims and/or tournaments an unknown third person could change teams and scores and nothing could be done against it.
Nothing happened yet - but with implementing a login for the control page we close that issue before it occurs. Having a secure site is common practice and necessary to implement other features dealing with - for example - Twitch API calls.
Proposed Feature
To gain access the Discord User has to be in the Arena 51 Gaming Discord and needs to have either a Producer or Manager role. Otherwise they will get a message to contact someone from staff if they think they should have access to the control page.