patudom
commented
1 year ago We should not merge this PR until we have sorted out why the 2i2c server is not consistently writing to the db. (Else we won't know if things aren't working because we set up the API keys incorrectly or because the original 2i2c server issue is still present).
Carifio24
This PR adds an API key layer to the backend server. Essentially, non-read (i.e. non-
GET) request that comes into the server now requires a valid API key to actually get handled. The idea is that, while our data is free to be viewed by anyone, we really only want CosmicDS client applications (e.g. data stories, the main website) to be doing anything that modifies the database. A client application will need to put the API key into its authorization header.The way this is set up, API keys are generated offline using a method that I won't detail here - suffice it to say that there is no relationship between a client and the key that it gets. These keys are then hashed and stored in a database table. This way, even if an attacker got access to our database, they wouldn't actually be able to get the API keys. My plan is to have a different API key for each story/other client application so that, if necessary, we can track where requests are coming from.
One thing that this doesn't implement, but that I'm looking into, is the ability to persist sessions for our clients so that we don't need to query the API key table on each request. This shouldn't be a huge overhead right now, as the table is currently small and there's a unique index on the hashed key field, but it would be nice to have.
CC @nmearl and @johnarban since this would affect any requests coming from e.g. a Solara page.