roots to get user, post by Id

[mouhcineToumi]

NodeApi is our database guard. Opening direct requests to the database is dangerous.

• some content can be restricted (group philosophy ) .

[mohammedSlimani]

• The security needed will be done with an API key. The api key will be private between the node api and the java api.
• when deploying we could use the CORS to add another layer of protection and limit the origins of requests to the node api alone.
• We could also make a JWT, but that would be overkill!

[mouhcineToumi]

that sounds cool, it justifies. But how am I supposed to do it now ?? via elastic directly ??

[mohammedSlimani]

I think I am the one who should work on it. when I do that, you will have to verify the token

[mohammedSlimani]

The header authorization is "hehexd", If a request doesnt have it it means it is not from the node API The key can be changed afterwards. See #65