PlausibleWeb.Plugs.AuthorizePublicAPI (Plausible v0.0.1)

Plug for authorizing access to Stats and Sites APIs.

The plug expects :api_scope to be provided in the assigns. The scope is then used to check API key validity. The assign can be provided in the router configuration in the following way:

scope "/api/v1/stats", PlausibleWeb.Api, assigns: %{api_scope: "some:scope:*"} do
  pipe_through [:public_api, PlausibleWeb.Plugs.AuthorizePublicAPI]

  # route definitions follow
  # ...
end

The scope from :api_scope is matched against every scope in the API key's scopes field. If the scope is among @implicit_scopes, it is considered present for any valid API key. Scopes are matched by prefix, so if the matching route has some:scope:* as its :api_scope and the API key has some:* in its scopes field, they will match.
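
The prefix rule described above, as an added sketch that is not the plug's own code: the module name ScopeMatchSketch, the function names and all scope values are assumptions, and the @implicit_scopes entry is a constructed placeholder because the real list is not shown on this page.

```elixir
defmodule ScopeMatchSketch do
  @moduledoc false

  # Constructed stand-in for the plug's @implicit_scopes (real contents not on the page).
  @implicit_scopes ["example:implicit:*"]

  # True when a key holding `key_scopes` may use a route declaring `route_scope`.
  def authorized?(route_scope, key_scopes)
      when is_binary(route_scope) and is_list(key_scopes) do
    route_scope in @implicit_scopes or
      Enum.any?(key_scopes, &prefix_match?(&1, route_scope))
  end

  # Drop the trailing wildcard from the key scope ("some:*" -> "some:") and
  # require the route scope to start with what is left.
  defp prefix_match?(key_scope, route_scope) do
    prefix = String.trim_trailing(key_scope, "*")
    String.starts_with?(route_scope, prefix)
  end
end

# Constructed cases: {route :api_scope, key scopes, expected result}
cases = [
  # The page's own example: a broader key scope covers the route scope.
  {"some:scope:*", ["some:*"], true},
  # An identical scope matches.
  {"some:scope:*", ["some:scope:*"], true},
  # A sibling scope does not match.
  {"some:scope:*", ["some:other:*"], false},
  # A narrower key scope does not cover a broader route scope.
  {"some:scope:*", ["some:scope:sub:*"], false},
  # An implicit scope is satisfied by any valid key, even one with no scopes.
  {"example:implicit:*", [], true},
  # In this sketch a bare "*" trims to an empty prefix and matches every route scope.
  {"some:scope:*", ["*"], true}
]

for {route, key_scopes, expected} <- cases do
  actual = ScopeMatchSketch.authorized?(route, key_scopes)
  # Raises MatchError if the sketch disagrees with the expected result.
  ^expected = actual
  IO.puts("#{route} with #{inspect(key_scopes)} -> #{actual}")
end
```

Because matching is by prefix, the shorter a key's scope string, the more routes it covers, which is worth keeping in mind when reviewing the scopes issued to keys.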

After a match is found, additional verification can be conducted, as in the case of stats:read:*, where a valid site ID is also expected among the parameters.

All API requests are rate limited per API key, enforcing a given hourly request limit.

Summary

Functions