This commit adds the initial pass at security for the SMDG demon compendium
database. Notably, it allows browsing of all included data using both the UI
and API, but should not allow creation, editing/updating, or deleting of data
without properly logging into the system. This iteration does not do any
session handling. Login tokens are passed by means of an http-only cookie for
the UI, and should be passed via an Authentication header when using the API.
Again, normal read-only use of the data contained within the compendium should
not require logging in at all.
This commit adds the initial pass at security for the SMDG demon compendium database. Notably, it allows browsing of all included data using both the UI and API, but should not allow creation, editing/updating, or deleting of data without properly logging into the system. This iteration does not do any session handling. Login tokens are passed by means of an http-only cookie for the UI, and should be passed via an Authentication header when using the API. Again, normal read-only use of the data contained within the compendium should not require logging in at all.
Notable implementation details: