Problem
The debug endpoints are currently exposed without authentication, which poses a security risk as they expose full job details and internal state.
Proposed Solution
Implement an authentication/authorization layer that:
- Requires authentication for debug endpoints
- Supports user-based access control
- Integrates with existing user context from job submissions
- Allows admin-level access for debug operations
Security Considerations
- Debug endpoints should only be accessible to authorized users
- Consider role-based access (admin vs regular users)
- Add audit logging for debug endpoint access
References
- Current warning in
src/multicall/gflowd/server.rs:3-7
Problem
The debug endpoints are currently exposed without authentication, which poses a security risk as they expose full job details and internal state.
Proposed Solution
Implement an authentication/authorization layer that:
Security Considerations
References
src/multicall/gflowd/server.rs:3-7