Secure the API and Dashboard
benoit-cty opened this issue · 2 comments
benoit-cty commented
CodeCarbon API and Dashboard are open to everyone. We think it will be better to have a way to segregate the data: only the owner of the organization could decide who has access to the data.
We need to allow:
- Keycloak user management: we chose this tool to allow third-party authentication like GitHub or private company LDAP.
- Create an account on the user interface
- Create organizations/teams/projects and give access to them to other accounts
- Create tokens for the API
- Support authentication with token in the API
- Secure the dashboard to allow users to view only the data they are allowed to.
- The aggregation API must read only the data the user is allowed to
- Keep the option to share data publicly
inimaz commented
- We should create a CodeCarbon theme for the login and register pages. Keycloak allows overriding them. See https://www.keycloak.org/docs/latest/server_development/#_themes
- Maybe less priority, Keycloak allows roles. We can have read-only users, team-admin, organisation-admin... And allow team members to manage these roles via the API.
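A compact model of the access rules requested in this thread (token-to-user lookup, organisation/team/project scoping, public sharing, and the read-only / team-admin / organisation-admin roles from the second comment), written as an added example rather than CodeCarbon's own code. The project, user, token and role names are constructed, and Keycloak token validation is replaced by an in-memory token table.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Project:
    name: str
    organization: str
    team: str
    public: bool = False  # "keep the option to share data publicly"

# Role ranks; a higher rank includes the rights of the lower ones (assumption).
ROLE_RANK = {"read-only": 0, "team-admin": 1, "organisation-admin": 2}

# Constructed sample data, not real CodeCarbon records.
PROJECTS = {
    "llm-train": Project("llm-train", "acme", "ml"),
    "web-infer": Project("web-infer", "acme", "web"),
    "demo": Project("demo", "acme", "ml", public=True),
}
# API token -> user id; in production the token would be validated by Keycloak.
TOKENS = {"tok-alice": "alice", "tok-bob": "bob"}
# user -> {scope: role}; scope is "org:<org>" or "team:<org>/<team>".
MEMBERSHIPS = {
    "alice": {"org:acme": "organisation-admin"},
    "bob": {"team:acme/web": "read-only"},
}
EMISSIONS = [("llm-train", 12.5), ("llm-train", 2.5), ("web-infer", 1.0), ("demo", 0.25)]

def user_from_token(token):
    """Resolve an API token to a user id; None for unknown or missing tokens."""
    return TOKENS.get(token)

def role_for(user, project):
    """Highest role the user holds over the project's org or team, or None."""
    scopes = MEMBERSHIPS.get(user, {})
    roles = [r for r in (scopes.get(f"org:{project.organization}"),
                         scopes.get(f"team:{project.organization}/{project.team}"))
             if r is not None]
    return max(roles, key=ROLE_RANK.__getitem__) if roles else None

def can_read(user, project):
    return project.public or role_for(user, project) is not None

def can_manage_roles(user, project):
    role = role_for(user, project)
    return role is not None and ROLE_RANK[role] >= ROLE_RANK["team-admin"]

def aggregate(token, emissions=EMISSIONS):
    """Sum kg CO2 per project, limited to what the token's user may read."""
    user = user_from_token(token)  # anonymous callers see only public projects
    totals = {}
    for name, kg in emissions:
        if can_read(user, PROJECTS[name]):
            totals[name] = totals.get(name, 0.0) + kg
    return totals
```

An unknown or missing token still returns the public project, which is the "share data publicly" case; everything else is filtered out before aggregation rather than after.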