feature: limit and protect some endpoints
Opened this issue · 0 comments
lucasmenendez commented
Right now, all the API endpoints are public and have no use restrictions. Some of the endpoints are expensive in terms of computation or database queries and should be restricted. We also need some new endpoints to perform administration actions that should also be protected.
The httprouter package allows creating four types of endpoints based on the protection level:
- Public: With no restrictions.
- Private: Restricted for a closed list of tokens without rate-limit.
- Quota: Restricted for a closed list of tokens with rate-limit.
- Admin: Restricted for a single admin token.
Current endpoints to restrict:
- `POST /tokens` (private)
- `POST /strategies` (quota)
- `POST /censuses` (quota)
New restricted endpoints:
- `DELETE /tokens` (admin)
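As an added example (not the project's own httprouter code), a small Go guard that applies the four protection levels to the route table above; the `Guard` type, the token values and the fixed-window quota are assumptions for illustration:

```go
package main
import (
	"crypto/subtle"
	"fmt"
	"sync"
	"time"
)
// Route table from the issue, keyed by "METHOD /path"; an unlisted route is public, as all are today.
var routes = map[string]string{
	"POST /tokens": "private", "POST /strategies": "quota",
	"POST /censuses": "quota", "DELETE /tokens": "admin",
}
// Guard (assumed type): closed token list, single admin token, one fixed-window quota shared by all quota endpoints.
type Guard struct {
	mu         sync.Mutex
	allowed    map[string]bool
	adminToken string
	limit      int           // calls per window for each listed token
	window     time.Duration // windowEnd starts at the zero time, so the first quota call opens a window
	counts     map[string]int
	windowEnd  time.Time
}
// Authorize reports whether token may call method+path; now is passed in so the window is testable.
func (g *Guard) Authorize(method, path, token string, now time.Time) bool {
	level := routes[method+" "+path]
	if level == "admin" { // constant-time compare, so response timing does not leak how many bytes matched
		return token != "" && subtle.ConstantTimeCompare([]byte(token), []byte(g.adminToken)) == 1
	}
	if level == "" || level == "public" || (level == "private" && g.allowed[token]) {
		return true
	}
	if level != "quota" || !g.allowed[token] {
		return false
	}
	g.mu.Lock()
	defer g.mu.Unlock()
	if now.After(g.windowEnd) { // new fixed window: drop every counter
		g.counts, g.windowEnd = map[string]int{}, now.Add(g.window)
	}
	if g.counts[token] >= g.limit {
		return false
	}
	g.counts[token]++
	return true
}
func main() {
	g := &Guard{allowed: map[string]bool{"tok-a": true}, adminToken: "admin-secret", limit: 2, window: time.Minute}
	fmt.Println(g.Authorize("DELETE", "/tokens", "tok-a", time.Now())) // false: listed, but not the admin token
}
```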