zj/nidobyte - Discussion #6 - Add authorization to Pijul Apply endpoint

#6 Add authorization to Pijul Apply endpoint

Opened by zj on October 14, 2021

zj on October 14, 2021

As the current state of the project is pre-MVP, the apply endpoint is missing authorization at this time.

Basic auth was added (CMY6YHG36OX27OCWAENW2FQ3AKBR52XY3OBLKG5RY3D62UZ4BGUQC), and now should be leveraged to make sure only the owner can push code to the repository. Other Role based authorization things are not considered yet, and expending roles and such is out of scope for the time being.

zj added a change on October 26, 2021

authz: Only repository owners can push changes Before all users could push changes to a repository. This was a shortcut which is changed now. For now only owners can push new changes to a repository. This isn't great either, as it doesn't allow for collaboration as of yet. However, it's a better default and allows nidobyte to be deployed on the internet soon after. As such this default has now been chosen, and will later be updated.

RYCS2BYFBJYX4ORZZ7GRWV2LW6B7FUGZYKZQFELANAUEVMKTHJNAC

main