Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Optional support for protecting endpoint with JWT token and logging #37

Open
birme opened this issue Jun 7, 2023 · 0 comments · May be fixed by #39
Open

Optional support for protecting endpoint with JWT token and logging #37

birme opened this issue Jun 7, 2023 · 0 comments · May be fixed by #39
Milestone
student-vdt-sprint-4

Comments

@birme
Copy link
Contributor

birme commented Jun 7, 2023

JWT token endpoint protection

If the service is started with the environment variable JWT_SECRET it should require a JWT token as query-parameter to the endpoint requests (health endpoint excluded).

The JWT-token should include the following payload:

{
  "company": <COMPANY>,
  "email": <EMAIL-TO-PERSON-AT-COMPANY>
}

The JWT-token is signed by the secret specified in the env variable JWT_SECRET and validated on requests. If not valid a "Not Authorized" status code should be returned.

Additional logging

All requests should be logged as a JSON-structure including the information provided in the JWT and endpoint accessed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
student-vdt-sprint-4
Development

Successfully merging a pull request may close this issue.

feat: optionally require JWT token to access api, logs requests Eyevinn/chaos-stream-proxy
1 participant
@birme