Add Configuration for Anonymous Read and Write Access to KV Endpoints #5

Open
opened 2025-09-12 22:27:36 +03:00 by MrKalzu · 0 comments
Contributor

Currently, the /kv/{path} endpoints for GET and PUT operations are publicly accessible without any authentication. While this might be desired in some scenarios for a simple key-value store, it lacks the flexibility to secure these core data access points. Many deployments will require all data access to be authenticated and authorized.

Proposed Solution:
Introduce two new configuration parameters in the Config struct:

  • AllowAnonymousRead (boolean, default false): If true, GET /kv/{path} requests will not require authentication.
  • AllowAnonymousWrite (boolean, default false): If true, PUT /kv/{path} requests will not require authentication.

Modify the setupRoutes function to conditionally apply the authMiddleware to the getKVHandler and putKVHandler based on these configuration flags.

  • If AllowAnonymousRead is false, apply authMiddleware with a "read" scope requirement to getKVHandler.
  • If AllowAnonymousWrite is false, apply authMiddleware with a "write" scope requirement to putKVHandler.
  • The deleteKVHandler should always require authentication and appropriate scopes (e.g., "delete").

This provides granular control over public access to the core key-value store functionality.

Relevant Code Sections:

  • Config struct for new fields.
  • setupRoutes function to apply middleware conditionally.
  • getKVHandler, putKVHandler, deleteKVHandler functions.
  • authMiddleware function.
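
The proposal above as an added sketch (not code from this repository): every method starts wrapped in authMiddleware, and only an explicit flag unwraps GET or PUT. The authMiddleware signature, the tokenScopes table, the stub handler, the status helper and the single 401 response for any auth failure are assumptions made for illustration.

```go
package main

import (
	"net/http"
	"net/http/httptest"
)

// Config carries the two flags proposed in the issue; the zero value requires auth.
type Config struct{ AllowAnonymousRead, AllowAnonymousWrite bool }
// tokenScopes is constructed sample data: Authorization header value -> scopes.
var tokenScopes = map[string]map[string]bool{"Bearer r-token": {"read": true}}

// authMiddleware (assumed signature) rejects requests whose token lacks scope.
func authMiddleware(scope string, next http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		if !tokenScopes[r.Header.Get("Authorization")][scope] {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next(w, r)
	}
}

// setupRoutes wraps every method by default and unwraps GET/PUT only on opt-in.
func setupRoutes(cfg Config) http.Handler {
	ok := func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusOK) }
	get, put := authMiddleware("read", ok), authMiddleware("write", ok)
	if cfg.AllowAnonymousRead {
		get = ok
	}
	if cfg.AllowAnonymousWrite {
		put = ok
	}
	routes := map[string]http.HandlerFunc{"GET": get, "PUT": put, "DELETE": authMiddleware("delete", ok)}
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if h, found := routes[r.Method]; found {
			h(w, r)
			return
		}
		http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
	})
}

func status(cfg Config, method, auth string) int { // response code for one /kv/ request
	rec, req := httptest.NewRecorder(), httptest.NewRequest(method, "/kv/app/setting", nil)
	req.Header.Set("Authorization", auth)
	setupRoutes(cfg).ServeHTTP(rec, req)
	return rec.Code
}
func main() { println(status(Config{}, "GET", ""), status(Config{AllowAnonymousRead: true}, "GET", "")) }
```

Starting from the wrapped handlers means a config file that omits both fields, or a future refactor that drops one of the `if` blocks, leaves the endpoint authenticated rather than open.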
Reference: ryyst/kalzu-value-store#5