Comments (4)
At the moment there isn't any security feature. However, I am going to make a basic-auth implementation for securing flask-profiler's API and interface. There will be a setting parameter to enable or disable the basic authentication. I think I can complete it within two weeks, because I have a very tight schedule these days. Of course, pull requests will be welcomed :)
from flask-profiler.
I can work on it if you can tell me the complete flow that you have in mind.
Also, there needs to be a way to put custom decorators on routes, or some other mechanism; e.g. if I use flask-limiter, I am not able to exempt these admin/flask-profiler routes from limiting.
I propose the following flow:
- there must be a setting parameter to enable or disable the security feature.
app.config["flask_profiler"] = {
    "enabled": app.config["DEBUG"],
    "storage": {
        "engine": "sqlite"
    },
    "basicAuth": {
        "enabled": True,
        "user": "mustafa",
        "password": "mypassword"
    }
}
- If basicAuth.enabled is False, flask-profiler's routes should be accessible by everyone. No authentication will be asked for.
- If basicAuth.enabled is True, then flask-profiler's routes must be secured and should serve only authenticated users.
To protect the routes, a decorator which implements basic auth could be used. This is a straightforward approach but sufficient for our purpose. For example, every route definition of flask-profiler's will be decorated with @requires_auth as follows:
from flask import request, jsonify

# urlPath is the profiler's URL prefix; the route string needs a "{}" placeholder,
# otherwise .format() is a no-op and the prefix is silently dropped.
@fp.route("{}/api/measurements/".format(urlPath))
@requires_auth
def filtermeasurements():
    args = dict(request.args.items())
    measurements = collection.filter(args)
    return jsonify({"measurements": list(measurements)})
reference for implementation of basicAuth: http://flask.pocoo.org/snippets/8/
This decorator has to ask for authentication if basicAuth.enabled is True.
Any comment?
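The guard proposed above, as an added example that is not flask-profiler's own code. It reads the same app.config["flask_profiler"]["basicAuth"] block but is written as WSGI middleware using only the standard library, so it runs without Flask installed; a Flask app is a WSGI app, so it wires in with app.wsgi_app = BasicAuthMiddleware(app.wsgi_app, app.config["flask_profiler"]) and then covers every profiler route under the prefix, which also addresses the point about not being able to wrap individual routes. The prefix "/flask-profiler", the echo app and the config values are assumptions made for the example. Two details the thread does not spell out: credentials are compared with hmac.compare_digest so a wrong username and a wrong password take the same time, and an enabled guard with an empty user or password refuses to start rather than accepting "" as a credential.

```python
"""Basic-auth guard for flask-profiler's routes (added example, stdlib only)."""
import base64
import hmac
from typing import Optional, Tuple


def check_basic_auth(auth_header: Optional[str], user: str, password: str) -> bool:
    """True only if the header is a well-formed Basic credential for user:password.

    Missing, non-Basic, or undecodable headers are rejected. Both fields are
    compared with hmac.compare_digest; a plain == would leak how many leading
    bytes of the secret matched.
    """
    if not auth_header:
        return False
    scheme, _, encoded = auth_header.partition(" ")
    if scheme.lower() != "basic" or not encoded:
        return False
    try:
        decoded = base64.b64decode(encoded.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return False
    got_user, sep, got_password = decoded.partition(":")
    if not sep:
        return False
    user_ok = hmac.compare_digest(got_user.encode(), user.encode())
    pass_ok = hmac.compare_digest(got_password.encode(), password.encode())
    return user_ok and pass_ok


class BasicAuthMiddleware:
    """Challenge requests under `prefix` when basicAuth.enabled is true; pass
    every other request straight through to the wrapped app."""

    def __init__(self, app, profiler_config: dict, prefix: str = "/flask-profiler"):
        self.app = app
        self.prefix = prefix.rstrip("/")  # "/flask-profiler" is an assumed mount point
        auth = profiler_config.get("basicAuth") or {}
        self.enabled = bool(auth.get("enabled", False))
        self.user = auth.get("user", "")
        self.password = auth.get("password", "")
        if self.enabled and not (self.user and self.password):
            # Fail closed: otherwise an empty user/password pair would be accepted.
            raise ValueError("flask_profiler.basicAuth is enabled but user/password is empty")

    def __call__(self, environ, start_response):
        path = environ.get("PATH_INFO", "")
        guarded = path == self.prefix or path.startswith(self.prefix + "/")
        if self.enabled and guarded:
            if not check_basic_auth(environ.get("HTTP_AUTHORIZATION"), self.user, self.password):
                body = b"Unauthorized"
                start_response("401 Unauthorized", [
                    ("Content-Type", "text/plain"),
                    ("Content-Length", str(len(body))),
                    # The realm makes browsers prompt. Basic credentials are only
                    # base64-encoded, not encrypted, so this must sit behind TLS.
                    ("WWW-Authenticate", 'Basic realm="flask-profiler"'),
                ])
                return [body]
        return self.app(environ, start_response)


def _echo_app(environ, start_response):
    """Stand-in for the profiler's routes: echoes the request path (assumed)."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [environ["PATH_INFO"].encode()]


def call(app, path: str, auth_header: Optional[str] = None) -> Tuple[str, bytes]:
    """Drive a WSGI app in-process with a constructed environ; returns (status, body)."""
    environ = {"PATH_INFO": path, "REQUEST_METHOD": "GET"}
    if auth_header is not None:
        environ["HTTP_AUTHORIZATION"] = auth_header
    statuses = []

    def start_response(status, headers, exc_info=None):
        statuses.append(status)

    body = b"".join(app(environ, start_response))
    return statuses[0], body


def basic_header(user: str, password: str) -> str:
    """Build the Authorization header a client would send."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


# Mirrors the config shape proposed in the thread; the values are placeholders.
CONFIG = {
    "enabled": True,
    "storage": {"engine": "sqlite"},
    "basicAuth": {"enabled": True, "user": "mustafa", "password": "mypassword"},
}

if __name__ == "__main__":
    guarded = BasicAuthMiddleware(_echo_app, CONFIG)
    print(call(guarded, "/flask-profiler/api/measurements/"))
    print(call(guarded, "/flask-profiler/api/measurements/", basic_header("mustafa", "mypassword")))
    print(call(guarded, "/unrelated"))
```

With basicAuth.enabled set to False the middleware is a pass-through, which matches the first bullet of the proposal; with it set to True, only requests under the prefix are challenged, so the rest of the application is unaffected.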
That would do the back end, but I think there will be more to security. At the front end, it would need a login screen and then a JS service to save the auth values and plug them into each subsequent request.
That would do it.