Currently we do not have any kind of authentication going on. This leads to our API being generally insecure, which isn't good at all. A malicious user could potentially reset all the email to point to someone, thus controlling a huge spamming network.
I propose we implement OAuth2 support. Pretty much, every application interacting with the API must first get a token linked to the given user, and will only have limited access to the API.
PR should be comming when I have time to implement it.
Currently we do not have any kind of authentication going on. This leads to our API being generally insecure, which isn't good at all. A malicious user could potentially reset all the email to point to someone, thus controlling a huge spamming network.
I propose we implement OAuth2 support. Pretty much, every application interacting with the API must first get a token linked to the given user, and will only have limited access to the API.
PR should be comming when I have time to implement it.