Is your feature request related to a problem/context? Please describe if applicable.
Limit access to the REST interface
Describe the solution you'd like
Add the ability to provide a list of IP addresses which are allowed to connect via REST.
Add the ability to require a user/pass to connect via REST.
Additional context
Adding ACLs might be interesting too: username1 can do all things, username2 can only read all things, username3 can only read certain things
Bonus point.... associate usernames with IP addresses.
We don't have a final story on this, and it is somewhat related to #413 already.
Basically, this REST API is kind of generic and "read-only", so it doesn't matter if it's open; on the other hand, clearly having the ability to bind correctly, limit by IP, and add user authentication will likely be a feature we'd like to have, but it will take time to get there.
dunno how I missed #413
definitely don't think it's critical, just thought I'd add it to the backlog
Now that we've switched to rustls, it's trivial to add TLS client verification with its private key. This would make access binary, but securely restricted, no more JS/bash/whatever having full access to the control API. Any thoughts? Is it worth adding at least as a temporary solution?