nrepl

https://github.com/nrepl/nrepl || https://nrepl.org
dominicm 2018-09-28T05:22:58.000100Z

Thinking about it, I strongly agree with you that it should be middleware. However the dependency system poses a problem for that approach. I don't have a good idea that I like though.

bozhidar 2018-09-28T06:26:23.000100Z

@dominicm I think if it’s just the root of all deps that should work out pretty well in practice. On server boot we can set some flag that controls the behaviour of the middleware and makes it do something or nothing. But I haven’t thought that much about this either.

dominicm 2018-09-28T06:32:22.000100Z

@bozhidar the root of all deps?

bozhidar 2018-09-28T07:50:51.000100Z

@dominicm The root of the middleware stack - every middleware would expect the auth middleware to be present.

bozhidar 2018-09-28T07:51:34.000100Z

Generally that’s not really needed - I guess we’re mostly concerned about securing eval-type operations.

dominicm 2018-09-28T08:19:57.000100Z

That makes sense. But conflates authentication with authorization.

dominicm 2018-09-28T08:20:23.000100Z

I guess the auth middleware could evaluate the request statically and determine whether it's safe.

dominicm 2018-09-28T08:21:01.000100Z

Is it possible to add dependencies as a user, as opposed to an author of middleware. I think that would be important.

bozhidar 2018-09-28T13:42:35.000100Z

> That makes sense. But conflates authentication with authorization. Yep, that’s true. Anyways, that’s why I asked for more people to share some feedback - I certainly don’t know what’s the optimum course of action, but I feel that anything will be an improvement over no security at all. 🙂

dominicm 2018-09-28T15:01:23.000200Z

So, if we make this middleware, the world needs to go out and decide whether it's middleware needs to depend on auth. Conditional on being able to extend the dependencies and authorization of an op as a user, that seems fine. Separating authentication and authorization seems like a good pre emptive strike, particularly for us as we would want to inspect responses for particular values and block them under certain conditions (e.g. Breakglass)

bozhidar 2018-09-28T16:03:35.000100Z

> So, if we make this middleware, the world needs to go out and decide whether it’s middleware needs to depend on auth.

bozhidar 2018-09-28T16:03:50.000100Z

That’s true, but the same applies for some very basic things even now - e.g. sessions.

bozhidar 2018-09-28T16:04:29.000100Z

One can argue they should always be present, but since they are middleware it’s up to middleware authors to decide how to leverage them.

bozhidar 2018-09-28T16:06:49.000100Z

> Separating authentication and authorization seems like a good pre emptive strike, particularly for us as we would want to inspect responses for particular values and block them under certain conditions (e.g. Breakglass)

bozhidar 2018-09-28T16:08:02.000100Z

Btw, what when you talk about authorization you’re mostly talking about making sure people don’t execute some insecure code, right? Because if we go with a simple authentication scheme with no permissions attached to it then there won’t be much to check for when it comes to authorization.

dominicm 2018-09-28T16:19:10.000100Z

I would personally probably build something on a claim system that my authorization system would then check.

bozhidar 2018-09-28T16:21:34.000100Z

I don’t understand what you mean. Can you elaborate on this?

dominicm 2018-09-28T22:06:01.000100Z

You get claims to certain functionality in production. Perhaps evaluations from a predefined set, or just refresh. That would encode into the token along with an expiration and a signature.