appbaseio/reactivesearch

Feature Request: Boilerplate middleware for whitelisting authorized actions

Open

#251 opened on Feb 7, 2018

View on GitHub
 (0 comments) (3 reactions) (0 assignees)JavaScript (4,835 stars) (487 forks)batch import
enhancementhelp wanted

Description

Issue Type: Enhancement

Description: Create a boilerplate security middleware based on heuristics in #219 to only allow whitelisted actions from a Reactivesearch frontend.

Screenshots: N/A

Minimal reproduction of the problem with instructions: N/A

Contributor guide

Tech stack
javascriptreactvue
Domain
security
Issue type
feature
DifficultyEstimated implementation difficulty for a new contributor, from 1 for very small changes to 5 for expert-level work.
3
Estimated timeA rough time range for an experienced contributor to investigate, implement, test, and prepare a pull request.
1-3 hours
Activity statusHow available the issue appears right now: fresh, active, stale, blocked, or waiting on maintainer input.
stale
ClarityHow clearly the issue explains the expected change, acceptance criteria, and next step.
mostly clear
Prerequisites
Familiarity with ReactivesearchUnderstanding of security middleware
Newbie friendlinessA 1-100 score estimating how approachable this issue is for first-time contributors.
40
Research direction
First, review issue #219 to understand the heuristics for whitelisting actions. Then, explore existing middleware in the Reactivesearch repository (likely in the server side examples or backend integration) to determine the appropriate pattern. Since the repository is frontend focused, you may need to propose a separate middleware package or documentation for backend usage. Discuss with maintainers the expected API and scope before implementation.