Refine API access controls

raimohanska / ourboard

An online whiteboard

Other

763 stars 58 forks source link

Open raimohanska opened 3 years ago

raimohanska commented 3 years ago

Now that an accesspolicy can allow public read/write, we cannot deny API access based on the existence of a policy
Check for public read/write access in case of no API_KEY header
A valid API_KEY header matching the boards API key grants unrestricted access