etesync / server

The Etebase server (so you can run your own)
https://www.etesync.com
GNU Affero General Public License v3.0
1.56k stars 76 forks source link

Allow EteServer User Signup Through My Frontend Application only, disallow publicly. #154

Open SHoward-A opened 2 years ago

SHoward-A commented 2 years ago

I want to allow signup users in eteserver, but I do not want anyone else to allow this (I mean do not publicly allow, except my front end application ). What I have in mind is that I will create new custom sign up API, and use some signature to make sure request is coming from my front end application. After that verification, I want to signup user, I am not sure how to do this, I tried to explore etebase python sdk so that I can replicate functionality from there, but no luck.

Can anyone please guide, how I can achieve this thing. Thanks in advance -:)

smac89 commented 1 year ago

Use a proxy and only allow the client's IP address. You can also use a cookie which is set by your proxy, then block all attempts to signup, which do not include this cookie. All of this can be done with Nginx

tasn commented 1 year ago

At the end of the day though, it's fragile, as it trusts the user agent. There really isn't a way to do it other than playing cat-and-mouse games with people trying to circumvent it.