Closed nthieberger closed 6 years ago
I have looked at this one and I wasn't able to figure out how the auth token is checked. It's not enough to check that a token exists so the user must be logged in as it may be expired but not yet removed. I'll have another look to see if I can figure this out.
@nthieberger So the problem is that the viewer builds the page from a datafeed that is totally open. Accordingly, it doesn't know whether the data it's referencing is open or not. All it can do is generate the page.
There are a couple of ways to mitigate this that I can think of:
Unfortunately, I don't think this is a very workable option as it would mean quite a deep integration between the viewer and Nabu with some changes required in Nabu to support.
This is possibly more workable than option 1, though we would need to chat with terem about how to make this work. Basically, they would need to create a folder within the Nabu app that I would deploy the code to so that it's served by Nabu rather than the webserver. It does mean putting more load on the Ruby app.
In any case this is not a trivial undertaking as even though Nabu and the viewer look like one and the same, in reality, they are two separate apps that are totally unaware of each other.
This relates to https://github.com/nabu-catalog/nabu/issues/662 - resolving this ticket for now.
Can the viewer put up a message to a non-logged in user that they need to log in? If a non-logged in user gets to the viewer the audio hangs.