Hello,
I have a question regarding the way Foxx is authorized to do its requests when authorization is enabled on arangod.
These are my auth settings in arangod.conf:
    disable-authentication = false
    authenticate-system-only = true
My plan is to have current REST requests towards arangodb be routed through Foxx, which would allow them only if the user is authenticated in the Foxx application, and forbid REST requests directly to arangodb.
This is an example of such a routing:
    controller.put("/api/:paramA/:paramB", function (req, res, options, next) {
      var paramA = req.params("paramA");
      var paramB = req.params("paramB");
      // Any other combination of path parameters gets an error body.
      if (paramA != "simle" || paramB != "all") {
        res.json({error: "bad request?"});
      } else {
      }
    }).onlyIfAuthenticated(401, "You are not authenticated");
This seemed to be working towards what I wanted: if authorization is disabled the routing works fine, but when I enable it, I get an authorization dialog which wants me to enter the credentials for the MyDB database.
Am I missing something, or did I understand "authenticate-system-only = true" poorly? I was hoping that Foxx would be able to bypass that authorization, either by 'magic' (arangodb realising it's a trusted source) or by providing some credentials in the Foxx application itself (but not on the client)?