Hi Christian,
Thanks for the permissions pointer - it works well.
As an aside I had to use
let $vbFailure1 := ($perm?authorization != 'example' or exists( $perm?authorization )=false())
Rather than
let $vbFailure1 := ($perm?authorization != 'example' )
To handle the case of no Authorisation. I am not sure why.
I should be able to use request:cookie for ws (when I need to) which is great.
I wasn't able to work out a catchall rest:path solution but it is not really important for me.
Thanks again for the pointer.
Adam
On Mon, Jan 18, 2021 at 8:33 PM Christian Grün <christian.gruen@gmail.com> wrote:
You could have a look at the "Catch HTTP Errors" section in our documentation.
[1] https://docs.basex.org/wiki/RESTXQ#Error_Handling
On Mon, Jan 18, 2021 at 1:30 PM Adam Law <adamjameslaw@gmail.com> wrote:
Another thought - a 'catch all' path for fail2ban to catch attempted
accesses to undefined paths.
I haven't tested this to see if there is such a thing in BaseX https://stackoverflow.com/questions/50282541/catch-all-url-in-golang
On Mon, Jan 18, 2021 at 5:26 PM Christian Grün <
christian.gruen@gmail.com> wrote:
Hi Adam,
You could have a look at our Permissions layer [1]. It can be used for all kinds of checks, not only those specific to authentication. I think we should generalize the concept in a future version of BaseX and introduce additional post-hooks.
Hope this helps? Christian
[1] https://docs.basex.org/wiki/Permissions
On Mon, Jan 18, 2021 at 3:19 AM Adam Law <adamjameslaw@gmail.com> wrote:
Golang has great middleware functionality for endpoints that allows a
person to readily secure all of them. I was wondering whether there would be any way of doing something similar in BaseX for restxq & websockets. For example by requiring all requests to have a particular query parameter (very basic example) ... to protect say against browser / javascript port scanning.
Eg
https://stackoverflow.com/questions/26204485/gorilla-mux-custom-middleware and check that request contains a particular parameter (very basic security)
It seems that I have to secure each endpoint individually.
Adam
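
The permission check discussed in this thread, written as a single RESTXQ module. This is an added example, not code from either poster or from the BaseX project; the module namespace, the '/api' path and the 403 response are assumptions, and 'example' is the placeholder value used in the thread. It also shows why the extra exists() test was needed: a general comparison such as != returns false when one operand is the empty sequence, so a request with no Authorization header passes a bare != check.

```xquery
(: Added example. Namespace URI and the '/api' path are hypothetical. :)
module namespace sec = 'urn:example:sec';

(:~
 : Evaluated before every RESTXQ function whose path starts with /api.
 : $perm is the map supplied by the BaseX Permissions layer; its
 : 'authorization' entry holds the value of the HTTP Authorization
 : header, or the empty sequence if the client sent none.
 :)
declare
  %perm:check('/api', '{$perm}')
function sec:check-api($perm as map(*)) {
  let $auth := $perm?authorization

  (: Fail-open form:
       $auth != 'example'
     () != 'example' is false, because a general comparison with an
     empty operand never matches. A missing header is not flagged.

     Fail-closed form, used below:
       not($auth = 'example')
     () = 'example' is false, so not(...) is true for a missing header
     as well as for a wrong value. It gives the same result as
       $auth != 'example' or not(exists($auth))
     for a single header value. :)
  let $failure := not($auth = 'example')

  where $failure
  (: web:error is from the BaseX Web Module; raising an error stops
     processing, so the target function is never evaluated. :)
  return web:error(403, 'Forbidden')
};
```

A rejected request then produces a 403 in the server log, which is the kind of entry a fail2ban filter can match on.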