cozie-app/cozie

Remove URL from code

Closed this issue · 7 comments

Currently everyone can send as many messages (POST requests) as they want to our Influx database. We need to find a solution for that.

Are you talking about a privacy measure so that they need some sort of authentication instead of blindly posting to our database?

Partially, that could also be a concern since we are eventually posting information on user location and physiological variables.

The biggest problem at the moment is that the URL is written in plain text; anyone could use it to send any rubbish to that URL, and our lambda function would process all the data and save it in Influx. Maybe there should be some sort of authentication with an API key.

The Python code in the lambda function should check if the incoming message contains a certain API key, and if that key has been registered, process the incoming data and save it to Influx; otherwise it discards the data.

matqr commented

Wait, the lambda function only uses the URL to post into influx? All of our other streams use authentication on the influxDB side, they have the URL and username and password. So even if they can see the URL, the POST is rejected if the authentication fails.

You can find the existing users under the admin/influxdb/users tab on the left-hand side in Chronograf UI

Or you are saying the credentials are also visible for each Fitbit user?

To my understanding there are no credentials involved. Let me try to give an example. If I post to that URL (that is in the Cozie code) using Python I am confident my message will be saved in Influx. This is the first issue.

The second issue is that on the Cozie website we are also providing different ways to query the data from the Influx database, but we are not limiting the number of queries a person can do in a day.

If a new user wants to use Cozie he should have two options: either connect to his own database, with no action needed, or use our database. In that case he should fill in a registration form, so we know he wants to push data into Influx. We will then give him a key that allows him to send POST requests to the URL of the Lambda function, and with the same key he can also query data. Since we know it is him performing that query, we can limit the number of API requests he can perform each day. This number does not have to be small, but there should be a limit (e.g. 1000).
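The check and the per-key daily limit proposed in the two comments above, as an added example (not Cozie project code, and not what the project eventually implemented). It assumes an API Gateway style event with the key in an `X-API-Key` header and a JSON body, a hypothetical key registry held in a dict, and an in-memory write sink standing in for the Influx client so it runs offline; the key names, user names and limit are constructed for the example.

```python
"""Added example: API-key gate plus per-user daily quota in front of the Influx write.

Assumptions (this example's, not the project's): keys arrive in an X-API-Key
header, the body is JSON, registered keys live in a dict, and counters are kept
in Lambda memory. A real deployment would read keys from a secret store and keep
counters in a durable store, because Lambda containers are recycled and scaled out.
"""
import hmac
import json
from datetime import datetime, timezone
from typing import Callable, Dict, List, Optional, Tuple

# Hypothetical key registry (api_key -> user id), constructed for this example.
REGISTERED_KEYS: Dict[str, str] = {
    "cozie-example-key-0001": "alice",
    "cozie-example-key-0002": "bob",
}
DAILY_LIMIT = 1000                            # the per-user limit floated in the thread
_counters: Dict[Tuple[str, str], int] = {}    # (user, YYYY-MM-DD) -> requests so far today
WRITTEN: List[dict] = []                      # stand-in for the Influx write (offline)


def lookup_user(presented: Optional[str]) -> Optional[str]:
    """Map a presented key to its user, or None if it is not registered.

    hmac.compare_digest keeps each comparison constant-time, and the loop never
    returns early, so response timing does not reveal which key prefix was right.
    """
    if not presented:
        return None
    match = None
    for key, user in REGISTERED_KEYS.items():
        if hmac.compare_digest(key.encode(), presented.encode()):
            match = user
    return match


def consume_quota(user: str, day: str, limit: int = DAILY_LIMIT) -> bool:
    """Record one request for (user, day); returns False once the daily limit is hit."""
    used = _counters.get((user, day), 0)
    if used >= limit:
        return False
    _counters[(user, day)] = used + 1
    return True


def _response(status: int, message: str) -> dict:
    return {"statusCode": status, "body": json.dumps({"message": message})}


def lambda_handler(event: dict, context=None,
                   write_point: Optional[Callable[[str, dict], None]] = None,
                   now: Optional[datetime] = None) -> dict:
    """Authenticate the key, enforce the daily quota, validate the body, then store."""
    # API Gateway may change header case, so normalise before lookup.
    headers = {k.lower(): v for k, v in (event.get("headers") or {}).items()}
    user = lookup_user(headers.get("x-api-key"))
    if user is None:
        return _response(401, "unknown or missing API key")

    today = (now or datetime.now(timezone.utc)).strftime("%Y-%m-%d")
    if not consume_quota(user, today):
        return _response(429, "daily request limit reached")

    try:
        payload = json.loads(event.get("body") or "")
        if not isinstance(payload, dict):
            raise ValueError("body must be a JSON object")
    except ValueError:  # json.JSONDecodeError is a ValueError
        return _response(400, "malformed payload")

    # Tag the point with the authenticated user, never with a user id taken from the body.
    sink = write_point or (lambda u, p: WRITTEN.append({"user": u, "fields": p}))
    sink(user, payload)
    return _response(200, "stored")
```

Rejected requests still count against the quota once the key is known, which is deliberate: a registered key that sends garbage should run out of budget the same way a well-behaved one does.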

matqr commented

Oh, so right now the lambda is pushing data just like this?

client = InfluxDBClient(host, port, db)

I thought we had auth enabled. I just tried inserting a random datapoint into sensing without credentials and it failed. Also, I just checked the addNewData lambda function and it's using credentials, but is this the one you are using? I only looked at the functions under the BUDSLab AWS account.

Is it common to make them push to our Lambda and then let the Lambda do the POST? I would think that since we are paying for the service at Influx, we should use their resources. We should be able to limit the roles and permissions we have for all users, thus giving people a specific user that can only do a certain number of queries to specific databases. Though I don't know how many different users we can create or stuff like that.

matqr commented

@FedericoTartarini should we close this then?

Let me actually implement it, then we can close it once it has been implemented.