Closed FJMentz closed 6 years ago
As I said to Raymond in our last meeting, this is a requirement - that API passthrough is fine for temporary development, but it can't be used in a production environment.
The Docker API will have to be wrapped in order to provide authorization
Side effect from implementing other features.
I feel this is a big issue to discuss in a face-to-face meeting but here is the basics:
I want to move all the 'direct' calls [from the frontend (docks-ui) to docker] to backend (docks). In example: In frontend I want to make a request getAmountContainers and pass x through (an amount) and the backend should implement the functionality to get containers from docker's api and do the filtering (like only send through x amount of containers) back.
This will make the api more api like and also move all 'vulnerabilities' to the backend and give the frontend only the needed 'functions' making it a bit more secure? I feel this is should be done.
Can I please have some feedback on this from everyone? Also can we discuss this on slack and if needed in person?