starred/anonaddy
1
0
Fork 0
mirror of https://github.com/anonaddy/anonaddy.git synced 2026-04-25 22:25:55 +03:00
Code Issues 103 Projects Releases 5 Packages Wiki Activity

[GH-ISSUE #346] [Feature Request] Edit API Premissions / Access #848

New issue
Closed
opened 2026-03-14 10:52:22 +03:00 by kerem · 1 comment
kerem commented 2026-03-14 10:52:22 +03:00
Owner
Copy link

Originally created by @Zaptosis on GitHub (Oct 11, 2022).
Original GitHub issue: https://github.com/anonaddy/anonaddy/issues/346

It would be great if one could allow a family member or trusted friend to use a custom domain, however adding authorized users or shared domains would be a pretty large & complex feature to add.

Instead a temporary workaround that would be much easier to implement would would be setting API keys access scopes, which would also have the benefit of increasing security rather than just having fully unrestricted API keys floating around while also enabling other use cases outside of this.

Such API options could be:

  • Allow Adding / Removing Recipients
  • Limit Recipient Access (then check authorized recipients, this limits the API key to only view, edit, & add domains to an authorized pre-added recipient)
  • Allow domain management
  • Allow Rules Management
  • Allow Account Management
  • Allow deleting aliases (if enabled it would still be limited by authorized recipients if "limit recipient access" is enabled)
  • Etc, I'm sure many others could be added.

To avoid further cluttering the UI just a simple "edit" button could be added for the API key next to the delete button. It also wouldn't significantly increase costs as both lite & pro users would still be limited by their maximum bandwidth allocation & maximum recipient allocation.

This is an easy low-cost way to massively expand the functionality of AnonAddy & increase its competitiveness in the space.

Originally created by @Zaptosis on GitHub (Oct 11, 2022). Original GitHub issue: https://github.com/anonaddy/anonaddy/issues/346 It would be great if one could allow a family member or trusted friend to use a custom domain, however adding authorized users or shared domains would be a pretty large & complex feature to add. Instead a temporary workaround that would be much easier to implement would would be setting API keys access scopes, which would also have the benefit of increasing security rather than just having fully unrestricted API keys floating around while also enabling other use cases outside of this. Such API options could be: - Allow Adding / Removing Recipients - Limit Recipient Access _(then check authorized recipients, this limits the API key to only view, edit, & add domains to an authorized pre-added recipient)_ - Allow domain management - Allow Rules Management - Allow Account Management - Allow deleting aliases _(if enabled it would still be limited by authorized recipients if "limit recipient access" is enabled)_ - Etc, I'm sure many others could be added. To avoid further cluttering the UI just a simple "edit" button could be added for the API key next to the delete button. It also wouldn't significantly increase costs as both lite & pro users would still be limited by their maximum bandwidth allocation & maximum recipient allocation. This is an easy low-cost way to massively expand the functionality of AnonAddy & increase its competitiveness in the space.
kerem closed this issue 2026-03-14 10:52:27 +03:00
kerem commented 2026-03-14 10:52:33 +03:00
Author
Owner
Copy link

@willbrowningme commented on GitHub (Oct 19, 2022):

Thanks for the suggestion, Laravel Sanctum does make it easy to assign abilities (scopes) to tokens - https://laravel.com/docs/9.x/sanctum#token-abilities

I would likely keep the scopes as create, read, update, delete for each resource (e.g. aliases, recipients, domains).

My only concern is error handling for things like the browser extension and mobile apps if someone uses a token with incorrect abilities/scopes.

When I get time I'll see if I can implement this.

<!-- gh-comment-id:1283650659 --> @willbrowningme commented on GitHub (Oct 19, 2022): Thanks for the suggestion, Laravel Sanctum does make it easy to assign abilities (scopes) to tokens - https://laravel.com/docs/9.x/sanctum#token-abilities I would likely keep the scopes as `create, read, update, delete` for each resource (e.g. aliases, recipients, domains). My only concern is error handling for things like the browser extension and mobile apps if someone uses a token with incorrect abilities/scopes. When I get time I'll see if I can implement this.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
v1.5.0
v1.4.1
v1.4.0
v1.3.8
v1.3.7
v1.3.6
v1.3.5
v1.3.4
v1.3.3
v1.3.2
v1.3.1
v1.3.0
v1.2.3
v1.2.2
v1.2.1
v1.2.0
v1.1.0
v1.0.9
v1.0.8
v1.0.7
v1.0.6
v1.0.5
v1.0.4
v1.0.3
v1.0.2
v1.0.1
v1.0.0
v0.14.1
v0.14.0
v0.13.13
v0.13.12
v0.13.11
v0.13.10
v0.13.9
v0.13.8
v0.13.7
v0.13.6
v0.13.5
v0.13.4
v0.13.3
v0.13.2
v0.13.1
v0.13.0
v0.12.3
v0.12.2
v0.12.1
v0.12.0
v0.11.2
v0.11.1
v0.11.0
v0.10.1
v0.10.0
v0.9.1
v0.9.0
v0.8.10
v0.8.9
v0.8.8
v0.8.7
v0.8.6
v0.8.5
v0.8.4
v0.8.3
v0.8.2
v0.8.1
v0.8.0
v0.7.5
v0.7.4
v0.7.3
v0.7.2
v0.7.1
v0.7.0
v0.6.2
v0.6.1
v0.6.0
v0.5.0
v0.4.0
v0.3.0
v0.2.13
v0.2.12
v0.2.11
v0.2.10
v0.2.9
v0.2.8
v0.2.7
v0.2.6
v0.2.5
v0.2.4
v0.2.3
v0.2.2
v0.2.1
v0.2.0
v0.1.6
v0.1.5
v0.1.4
v0.1.3
v0.1.2
v0.1.1
v0.1.0
Labels
Clear labels   
bug

   
pull-request

Mirrored from GitHub Pull Request

No labels
bug
pull-request
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/anonaddy#848
No description provided.