Right now, anything can request from `localhost:8080` and get data back, like source code, file attachments, etc.
We should tighten that up, so only the developer can access info.
`dataflow run` should open a webpage like `http://localhost:8080?auth_token=65c87a64c6e5`, where that auth token will authorize that user to view notebooks/get file attachments and all.
[ ] Don't connect to websocket unless valid auth token.
[ ] `/api/import` should also have some form of auth
[ ] `/api/file-attachments` should also have some auth
[ ] What about multiple clients? Not sure how Jupyter handles this...
[ ] Toggle-able, let people expose a dev server if they really want to
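
A sketch of the token gate proposed above, as an added example that is not dataflow's own code: one check applied to page loads, `/api/import`, `/api/file-attachments` and WebSocket upgrade requests, with the opt-out toggle. The cookie name `dev_auth`, the `authorize` function and its option names are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

const COOKIE_NAME = "dev_auth"; // hypothetical cookie name, not from the issue

// Generated once at server start and placed in the URL that `dataflow run` opens.
function createAuthToken() {
  return crypto.randomBytes(24).toString("hex");
}

// Constant-time comparison. Hashing first yields equal-length buffers,
// which crypto.timingSafeEqual requires.
function tokenMatches(expected, presented) {
  if (typeof presented !== "string" || presented.length === 0) return false;
  const digest = (s) => crypto.createHash("sha256").update(s).digest();
  return crypto.timingSafeEqual(digest(expected), digest(presented));
}

// Pull a candidate token from ?auth_token=... or from the session cookie.
function presentedToken(req) {
  const fromQuery = new URL(req.url, "http://localhost").searchParams.get("auth_token");
  if (fromQuery) return { value: fromQuery, source: "query" };
  const cookies = (req.headers.cookie || "").split(";").map((c) => c.trim());
  const hit = cookies.find((c) => c.startsWith(COOKIE_NAME + "="));
  return hit ? { value: hit.slice(COOKIE_NAME.length + 1), source: "cookie" } : null;
}

// Decide one request. A WebSocket connection starts as an HTTP upgrade
// request, so the same check covers it before any socket is opened.
function authorize(req, { token, authDisabled = false }) {
  if (authDisabled) return { status: 200 }; // explicit opt-out for an exposed dev server
  const got = presentedToken(req);
  if (!got || !tokenMatches(token, got.value)) return { status: 403 };
  if (got.source === "query") {
    // Move the token into an HttpOnly cookie so later requests need no query string.
    return {
      status: 200,
      setCookie: `${COOKIE_NAME}=${token}; HttpOnly; SameSite=Strict; Path=/`,
    };
  }
  return { status: 200 };
}
```

Because every browser tab that receives the cookie shares the same token, this sketch treats multiple clients as one authorized user and does not distinguish between them.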