Each AUTH_API_KEY will have an allowed_list of URLs that are allowed to use the key.
The default will be localhost and then the person that owns the AUTH_API_KEY can add more e.g. app.dwyl.com
This will mitigate the issue of people using a key they don't own to attempt to authenticate people maliciously ...
Todo
When we re-create the api_keys table as part of #207
[ ] create the field: allowed_list, {:array, :string} to store an array of Strings
Each
AUTH_API_KEYwill have anallowed_listofURLsthat are allowed to use the key. The default will belocalhostand then thepersonthat owns theAUTH_API_KEYcan add more e.g.app.dwyl.comThis will mitigate the issue of people using a key they don't own to attempt to authenticatepeoplemaliciously ...Todo
When we re-create the
api_keystable as part of #207field: allowed_list, {:array, :string}to store an array ofStringse.g:
Via: https://stackoverflow.com/questions/33065318/how-to-store-array-with-ecto-using-postgres |> https://hexdocs.pm/ecto/Ecto.Schema.html