are0h
/
Fipamo
1
2
Fork 0
Code Issues 19 Pull Requests 1 Packages Projects 1 Releases 22 Wiki Activity

Labels Milestones

New Issue

Convert page create/submit in Dash to full form for data submission #55

Closed
opened 3 years ago by are0h · 1 comments
are0h commented 3 years ago (Migrated from koodu.ubiqueros.com)

As of right now, the Dash used the Admin API to submit page create/edit stuff which has is workable but as the base Dash is a part of the system, it should be submitting data directly to the backend with a form rather than than the API.

Using the API should be reserved for remote experiences and/or peopel who want to make their own admin experience. The Dash shouldn't be using the API because it doesn't have to.

As of right now, the Dash used the Admin API to submit page create/edit stuff which has is workable but as the base Dash is a part of the system, it should be submitting data directly to the backend with a form rather than than the API. Using the API should be reserved for remote experiences and/or peopel who want to make their own admin experience. The Dash shouldn't be using the API because it doesn't have to.
are0h commented 3 years ago (Migrated from koodu.ubiqueros.com)

So I did some research on secure form transmission and thought about it what would be best and decided to keep the current API set up because one of the coolest things about Fipamo is the API and I want to keep that as robust as possible.

That said, form submission should be secure as possible, so that means making some changes to both backend to prevent spoofing and verify that the form being submitted is legit from the Dashboard UI.

I'm going to add a token challenge and lock down the fields being submitted to make sure both of these are accomplished. If the token challenge fails or the field being submitted don't match, the form submission will be rejected.

I'm toying with the idea of adding a log to keep track of failed submissions but if I do I'll make that another separate issue.

So I did some research on secure form transmission and thought about it what would be best and decided to keep the current API set up because one of the coolest things about Fipamo is the API and I want to keep that as robust as possible. That said, form submission should be secure as possible, so that means making some changes to both backend to prevent spoofing and verify that the form being submitted is legit from the Dashboard UI. I'm going to add a token challenge and lock down the fields being submitted to make sure both of these are accomplished. If the token challenge fails or the field being submitted don't match, the form submission will be rejected. I'm toying with the idea of adding a log to keep track of failed submissions but if I do I'll make that another separate issue.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
develop
toggle-buttons-#109
beta
nodejs-version-freeze
sql-version-freeze
1.0.0
b1.0.1
b1.2.0
b1.2.1
b1.2.2
b1.2.3
b1.2.4
b2.0.0
b2.1.0
b2.1.1
b2.2.0
b2.2.1
b2.2.2
b2.2.3
b2.2.4
b2.3.0
b2.4.0
b2.4.1
b2.5.0
b2.5.1
b2.6.0
b2.6.1
Labels
Apply labels
Clear labels   
Accessibility

Issue that help usage disabled and not disabled peoples.   
API

Tasks related to the API   
Brain

Tasks related to core functionality   
Bugs

Stuff that needs to be fixed.   
Config

Tasks related to seting up and running Fipamo   
Critical

This is the flag for the highest priority. This needs to work.   
Dashboard

Task related to the Fipamo admin area   
Docs

Task relate to editing documentation   
Style

Task related to css styling   
Theming

Task related to theme engine   
UI/UX
No Label
Accessibility
API
Brain
Bugs
Config
Critical
Dashboard
Docs
Style
Theming
UI/UX
Milestone
Set milestone
Clear milestone
No items
No Milestone
Fipamo Beta 2.2.3
Projects
Set Project
Clear projects
No project
Assignees
Assign users
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: are0h/Fipamo#55
Write Preview
Loading…
Cancel
Save
There is no content yet.
Delete Branch '%!s(<nil>)'

Deleting a branch is permanent. It CANNOT be undone. Continue?

No
Yes