Open gruns opened 11 months ago
changed to initial implementation being NO unauthorized requests
yep! new implementation plan:
stage 1: auth required for every request. all requests without auth are rejected outright by l1s
stage 2: all requests without auth are severely rate limited to allow curl
, wget
, and other 'toy' usage of saturn without auth
for stage 2, the goal of the rate limits is:
curl
from the command line for debugginghere are some potential rate limiting strategies to consider for implementation:
some combination of all, or some, of the above rate limits will help accomplish both of stage 2's goals above
add two rate limits when no auth token is provided
requests with an invalid auth token will still be rejected