as well with view state from database
anonymous users should not modify anything on database at all, just access
Contributor guide
Tech stack
javascript
Domains
security, authentication, backend
Issue type
security
Difficulty: estimated implementation difficulty for new contributors; 1 means a very small change, 5 means expert-level work.
3
Estimated time: rough time range for an experienced contributor to investigate, implement, test, and prepare a pull request.
half day
Activity status: how open the issue currently is to participation: fresh, active, stale, blocked, or waiting for maintainer input.
stale
Clarity: whether the issue clearly states the expected change, acceptance criteria, and next steps.
unclear
Prerequisites
understanding of the application's authentication flow
knowledge of database queries for user profiles and view state
Beginner friendliness: estimated score from 1 to 100 indicating how friendly the issue is to first-time contributors.
30
Research direction
Examine the codebase to understand how anonymous users are currently handled. Look for authentication middleware (likely in a Node.js/Express setup) that controls access to routes related to profiles and view state. Check the database schema for the tables that store profiles and view state. The issue mentions removing these from anonymous access, so the change likely involves modifying route guards or adding authorization checks that reject anonymous users' attempts to modify those resources. There are no linked PRs or maintainer responses to provide additional guidance, so start by tracing the routes for profile management and view state updates.
Remove profiles from anonymous access? · streamaserver/streama#759 | Good First Issue