Closed carsonfarmer closed 5 years ago
carsonfarmer
commented
5 years ago A good first step/pass would be Basic Authentication, there are several tools for this available in the server implementation that we are already using, so I'd suggest we start there.
doftorul
commented
5 years ago For this use-case i am fiddling around with https://www.express-gateway.io/ which allows me to add even JWT authentication to the Textile API. My use case is the following: Run several accounts daemons in containers and proxy all the API requests thru the Express Gateway. The accounts API's need to be accessed remotely by some applications that are remote and for that i needed a way to also proxy all the accounts behind the same IP and PORT. My setup uses JWT, but Basic Auth is available as well on the express gateway. On short: several containers (80+ on a 4 vcpu with 16GB RAM) routed as 123.456.789.101:8080/account_id/api/v0/account
connectdotz
commented
5 years ago if cafe has a way to authenticate the incoming connection and link with its session, I would think there is no need to run multiple daemons, a single cafe is already able to serve multiple sessions/accounts, right?
Currently, we do not authenticate calls to the API that are initiated on localhost. We should change this while attempting to keep the UX pretty minimally changed (asking for a password is obviously fine). For folks who don't care about this, we'll make it possible to not require authentication, but the default should be to require it. @sanderpick and I have discussed some possible implementations here. For those who are interested, please chime in via the comments.