Open rohithbalaji123 opened 4 years ago
@rohithbalaji123 We also need to implement an authorizer to handle permissions: https://martinfowler.com/articles/web-security-basics.html#AuthorizeActions
For your information, I am refactoring the authenticator: https://github.com/short-d/short/pull/611 This is just a prototype. Will split into small PRs and clean up.
@byliuyang Okay, updated the issue. Also, I guess we would need a separate login page for the admin site. Having a modal like in the main site doesn't look completely secure for admin actions. What are your thoughts?
@rohithbalaji123 I saw some critical large-scale systems sharing the same sign-in page. However, I do see them having two-factor authentication. We may want to force 2-factor authentication for admin accounts.
Here is a template prototype I made: https://github.com/short-d/short/issues/651 Need your help to clean it up and productionize the code.
This issue is a start to a bigger issue #347, which concentrates on adding an admin dashboard with a constrained set of functionalities supporting CRUD operations related to Change Logs. This issue will have multiple PRs split in the form of,