Protect internal API endpoints #8

Open
josh opened this issue Feb 9, 2025 · 2 comments

Comments

Collaborator

josh commented Feb 9, 2025

While /webhook needs to be publicly exposed and IP gated, the internal API endpoints should not exactly be public either.

Some options:

  1. Add some kind of static auth token
  2. Move to separate listener. This could be another internal port or unix socket.

Kinda leaning towards 2. @tnm curious how you intend to deploy. A separate listener means you could implement your own static token auth with nginx frontend or whatever. Or in a container environment, only expose this internal api port to your app. Or only expose the unix socket to your local app. Related #6.

Contributor

tnm commented Feb 9, 2025

Definitely prefer 2.

Contributor

tnm commented Feb 12, 2025

We've decided to split off the listeners first, and then add simple token auth on the API routes to start.
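
The layout settled on in this thread (a separate listener for the internal API, then static token auth on its routes), shown as an added example that is not this project's code. The `/api/status` route, the token value, the handler names and the use of a loopback TCP port rather than a unix socket are assumptions; IP gating of `/webhook` is left out.

```python
import hmac
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

API_TOKEN = "constructed-example-token"  # assumption: read from a secret store in practice


class Quiet(BaseHTTPRequestHandler):
    def log_message(self, *args):  # suppress per-request logging in the example
        pass

    def reply(self, status):
        self.send_response(status)
        self.end_headers()


class PublicHandler(Quiet):
    # Public listener: only /webhook exists here, so internal routes are unreachable.
    def do_POST(self):
        self.reply(204 if self.path == "/webhook" else 404)


class InternalHandler(Quiet):
    # Internal listener: the token is checked before any routing happens.
    def do_GET(self):
        supplied = self.headers.get("Authorization", "").encode()
        expected = ("Bearer " + API_TOKEN).encode()
        # Constant-time comparison avoids leaking the token through timing.
        if not hmac.compare_digest(supplied, expected):
            return self.reply(401)
        self.reply(200 if self.path == "/api/status" else 404)


def start(handler, host="127.0.0.1"):
    # Bind to loopback on an ephemeral port and serve from a daemon thread.
    server = ThreadingHTTPServer((host, 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def status_of(server, method, path, token=None):
    # Send one request to the given listener and return the HTTP status code.
    conn = http.client.HTTPConnection("127.0.0.1", server.server_port, timeout=5)
    headers = {"Authorization": "Bearer " + token} if token else {}
    conn.request(method, path, headers=headers)
    status = conn.getresponse().status
    conn.close()
    return status
```

In a deployment only the public listener's port would be exposed; the internal listener stays on loopback, a private container network or a unix socket, with the token as a second layer.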
