MichelDiz
(Michel Diz)
October 11, 2020, 4:00pm
12
Hum, there are plans to add TLS everywhere and also add Poor Man’s ACL/Auth on the exposed endpoints. Like /mutate, /query, /commit, /graphql and so on.
e.g
Motivation
Users of the GraphQL API should have a secure way of exposing their Dgraph instance. Currently, even if the user has auth rules defined, GraphQL+- endpoints like /query, /mutate can override those rules. The user currently needs to use a firewall to disable access to the GraphQL+- endpoints.
User Impact
Users can expose an instance of Dgraph and use the GraphQL API without having to put them behind a firewall.
Implementation
We already have Poorman’s auth which can be used to secure…
Experience Report for Feature Request
The problem is that we go through all the effort to set up poor man’s auth and use GraphQL endpoints instead of the native Dgraph endpoints, but the native endpoints are still available and unprotected.
What you wanted to do
Easily Disable the DQL endpoints via flags such as:
--disable-dql-all
--disable-dql-alter
--disable-dql-mutate
--disable-dql-query
etc...
What you actually did
Set up a reverse proxy to block the DQL endpoints
Why that wasn’t great, …
Starting with this PR, all the admin endpoints now require three kinds of auth:
IP White-listing, if --whitelist flag is passed to alpha.
Poor-man’s auth, if --auth_token flag is passed to alpha (means you will need to pass the auth_token as X-Dgraph-AuthToken header while making the HTTP request if this is enabled).
Guardian only access, if ACL is enabled (means you need to pass the ACL JWT of a Guardian user as X-Dgraph-AccessToken header while making the HTTP request if this is enabled).
A…