CASS icon indicating copy to clipboard operation
CASS copied to clipboard
verified publisher icon cassproject

CaSS Login

Open FlorianTolk opened this issue 3 years ago • 3 comments

Is there a way to configure CaSS to have an admin account who can view/modify/delete all frameworks? Additionally, can CaSS be configured to require sign-in order to add/modify/delete frameworks?

FlorianTolk avatar May 23 '22 13:05 FlorianTolk

I would be interested in this, too!

FunkMonkey avatar Jun 15 '22 06:06 FunkMonkey

@Lomilar Do you know if there's any traction on adding some sort of requirement that a user be logged-in before creating resources? We're getting slammed atm by fuzz testing that ends up adding a ton of junk to any publicly-accessible CaSS instance and quickly exhausts the machine's storage.

I don't mind helping with this implementation if you're all tapped on resourcing atm.

vbhayden avatar Jul 11 '22 16:07 vbhayden

I can think of a simple configuration option that would enable this, but it would play havoc with all of the editor use cases.

https://github.com/cassproject/CASS/blob/master/src/main/server/skyRepo.js#L151

A check there for an environment variable, something like process.env.NO_PUBLIC plus throwing an exception if signature sheet is empty AND environment variable is set would take care of it.

Most of the complexity would be handling that gracefully in the editor.

Feel free to contribute via a PR.

Lomilar avatar Jul 11 '22 17:07 Lomilar