cassproject/CASS

CaSS Login

FlorianTolk opened this issue · 3 comments

Is there a way to configure CaSS to have an admin account who can view/modify/delete all frameworks?
Additionally, can CaSS be configured to require sign-in in order to add/modify/delete frameworks?

I would be interested in this, too!

@Lomilar Do you know if there's any traction on adding some sort of requirement that a user be logged in before creating resources? We're getting slammed atm by fuzz testing that ends up adding a ton of junk to any publicly-accessible CaSS instance and quickly exhausts the machine's storage.

I don't mind helping with this implementation if you're all tapped on resourcing atm.

I can think of a simple configuration option that would enable this, but it would play havoc with all of the editor use cases.

https://github.com/cassproject/CASS/blob/master/src/main/server/skyRepo.js#L151

A check there for an environment variable, something like `process.env.NO_PUBLIC`, plus throwing an exception if the signature sheet is empty AND the environment variable is set, would take care of it.

Most of the complexity would be handling that gracefully in the editor.

Feel free to contribute via a PR.
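
The guard suggested in the last comment, sketched as an added example (not part of the thread or of CaSS's own code). `NO_PUBLIC` is the variable name proposed above; the function names, the error class and its `status` field are hypothetical, and the check only tests that a signature sheet is present, on the assumption that the server verifies the signatures themselves in a separate step.

```javascript
// Added illustration; not code from cassproject/CASS.
// NO_PUBLIC is the name suggested in the thread; all other names are hypothetical.

class AnonymousWriteRejected extends Error {
  constructor() {
    super('Anonymous writes are disabled on this server (NO_PUBLIC is set).');
    this.name = 'AnonymousWriteRejected';
    this.status = 401; // hypothetical: lets the HTTP layer and the editor tell "sign in" apart from a 500
  }
}

// Unset, empty, "0", "false", "no" and "off" all mean disabled,
// so NO_PUBLIC=false does not silently lock the server.
function noPublicEnabled(env) {
  const raw = String(env.NO_PUBLIC ?? '').trim().toLowerCase();
  return !['', '0', 'false', 'no', 'off'].includes(raw);
}

// Accept the sheet as an array or as a JSON string; a missing or
// unparsable sheet, or one holding only nulls, counts as empty.
function signatureCount(sheet) {
  let parsed = sheet;
  if (typeof sheet === 'string') {
    try {
      parsed = JSON.parse(sheet);
    } catch (e) {
      return 0;
    }
  }
  if (!Array.isArray(parsed)) return 0;
  return parsed.filter((s) => s !== null && typeof s === 'object').length;
}

// Call at the top of every write/delete path, before anything is stored.
function assertWriteAllowed(signatureSheet, env = process.env) {
  if (noPublicEnabled(env) && signatureCount(signatureSheet) === 0) {
    throw new AnonymousWriteRejected();
  }
}
```

Placing the call before any storage happens is what stops unauthenticated junk from consuming disk; the typed error gives the editor something specific to catch and turn into a sign-in prompt.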