This PR adds new sessions route handlers and filters to allow users to sign into the http-api.
Process:
We create an Unauthorized session for every POST request we receive on /v1/sessions that lasts for 60 seconds.
Once we receive a PUT request with the SIWE raw message and the signature done by the user and verify the authenticity, origin and timestamps, we upgrade the session to an Authorized session and keep the session alive for 1 week.
We periodically check the active Unauthorized & Authorized sessions for expiration and remove them if necessary.
Implementation:
The idea is to provide the session id in the Authorization header, for the routes which we want to protect.
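
The session lifecycle described above, as an added sketch that is not the PR's own code. Assumptions: the `SessionStore` class and its method names are hypothetical, the `Authorization` header value is taken to be the bare session id, the SIWE message is already parsed into a dict with epoch-second timestamps, and signature verification is done by a SIWE library whose result is passed in as `signature_ok`.

```python
import secrets

UNAUTHORIZED_TTL = 60             # seconds, from the description
AUTHORIZED_TTL = 7 * 24 * 3600    # one week, from the description

class SessionStore:
    """In-memory session table (hypothetical design, not the project's)."""
    def __init__(self, expected_domain):
        self.expected_domain = expected_domain
        self.sessions = {}  # session id -> {"status", "expires_at", "address"}

    def create(self, now):
        """POST /v1/sessions: issue a short-lived Unauthorized session."""
        sid = secrets.token_urlsafe(32)  # unguessable id from the OS CSPRNG
        self.sessions[sid] = {"status": "unauthorized",
                              "expires_at": now + UNAUTHORIZED_TTL, "address": None}
        return sid

    def upgrade(self, sid, siwe, signature_ok, now):
        """PUT: promote a live Unauthorized session once the SIWE checks pass."""
        s = self.sessions.get(sid)
        if s is None or s["status"] != "unauthorized" or now >= s["expires_at"]:
            return False
        # Timestamps: issued in the past and, if an expiry is set, not yet reached.
        fresh = siwe["issued_at"] <= now and (
            siwe.get("expiration_time") is None or now < siwe["expiration_time"])
        if not (signature_ok and siwe["domain"] == self.expected_domain and fresh):
            return False
        s.update(status="authorized", expires_at=now + AUTHORIZED_TTL,
                 address=siwe["address"])
        return True

    def authorize(self, header_value, now):
        """Protected routes: return the signer address, or None to reject."""
        s = self.sessions.get(header_value or "")
        if s is None or s["status"] != "authorized" or now >= s["expires_at"]:
            return None
        return s["address"]

    def prune(self, now):
        """Periodic sweep: drop expired sessions of either kind."""
        expired = [k for k, v in self.sessions.items() if now >= v["expires_at"]]
        for k in expired:
            del self.sessions[k]
        return len(expired)
```

`authorize` re-checks expiry on every request, so a session that has expired but has not yet been swept by `prune` is still rejected.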