Enhancement: Use "invitation code" to verify #3227
Comments
yes this! a way of preventing open signups is badly needed.

what about something like this?

Not entirely similar, this is an additional method of security verification, allowing relatively automatic circulation within small social circles, rather than a way to invite new users.
If you use nginx, you might configure it like this to only allow registration if an "invite" URL was accessed.

```nginx
server {
    listen 443 ssl;
    server_name ...;
    ssl_certificate ...;
    ssl_certificate_key ...;
    autoindex off;
    client_max_body_size 20M;

    # Visiting the secret URL sets the invite cookie for both
    # registration paths, then redirects to the front page.
    location = /SECRET_INVITE_URL {
        add_header Set-Cookie "invite=SECRET; Path=/api/auth/register; HttpOnly";
        add_header Set-Cookie "invite=SECRET; Path=/register; HttpOnly";
        return 302 /;
    }

    location / {
        try_files "" @backend;
    }

    # The registration page and API go through the cookie check.
    location /register {
        try_files "" @check_cookie;
    }

    location /api/auth/register {
        # Only POST is allowed on the registration endpoint.
        limit_except POST {
            deny all;
        }
        try_files "" @check_cookie;
    }

    # Reject requests that do not carry the invite cookie.
    location @check_cookie {
        if ($cookie_invite != "SECRET") {
            add_header Content-Type text/plain always;
            return 403 "Access Denied";
        }
        try_files "" @backend;
    }

    location @backend {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_pass http://127.0.0.1:3080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_buffering off;
    }
}
```
Closed by #3012
This is the only one in scope of the project, the other requested features seem too niche
What features would you like to see added?
In my opinion, one of the more effective ways to protect public community services is to use "invitation codes" to verify actions such as the registration of new users.
More details
Examples are as follows:
This strategy is inspired by the early registration scheme of the Blue Sky Community, which can protect service security and community ecology, and limit the expansion speed of the service. Additionally, the invitation code has the potential to integrate with other services. Accordingly, there might also be a need to manage the invitation codes, such as importing invitation codes, tracking their usage, and invalidating codes.
Which components are impacted by your request?
General
Pictures
No response
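
The code management this request describes (importing codes, tracking their usage, invalidating them), sketched as an added JavaScript example that is not part of the issue or of the project's code. `InviteRegistry`, its method names, the in-memory `Map` and the default seven-day lifetime are all assumptions made for illustration.

```javascript
const { createHash, randomBytes } = require('node:crypto');

// Hypothetical in-memory registry (assumption: a real service would persist it).
class InviteRegistry {
  constructor(now = () => Date.now()) {
    this.now = now;          // injectable clock so expiry can be tested
    this.codes = new Map();  // sha256(code) -> record; plaintext codes are never stored
  }

  static key(code) {
    return createHash('sha256').update(String(code).trim()).digest('hex');
  }

  // Import an externally generated code. Returns false for a duplicate.
  importCode(code, { maxUses = 1, ttlMs = 7 * 24 * 3600 * 1000 } = {}) {
    const k = InviteRegistry.key(code);
    if (this.codes.has(k)) return false;
    this.codes.set(k, { maxUses, expiresAt: this.now() + ttlMs, revoked: false, usedBy: [] });
    return true;
  }

  // Issue a fresh code with 128 bits of randomness.
  issue(opts) {
    const code = randomBytes(16).toString('base64url');
    this.importCode(code, opts);
    return code;
  }

  // Check and consume one use at registration time, recording who used it.
  redeem(code, account) {
    const rec = this.codes.get(InviteRegistry.key(code));
    if (!rec) return { ok: false, reason: 'unknown' };
    if (rec.revoked) return { ok: false, reason: 'revoked' };
    if (this.now() >= rec.expiresAt) return { ok: false, reason: 'expired' };
    if (rec.usedBy.length >= rec.maxUses) return { ok: false, reason: 'exhausted' };
    rec.usedBy.push({ account, at: this.now() });
    return { ok: true, remaining: rec.maxUses - rec.usedBy.length };
  }

  // Invalidate a code so later redemptions fail; usage history is kept.
  invalidate(code) {
    const rec = this.codes.get(InviteRegistry.key(code));
    if (!rec) return false;
    rec.revoked = true;
    return true;
  }

  usage(code) { return this.codes.get(InviteRegistry.key(code)) || null; }
}
```

Unlike a single shared cookie value, each code here has its own use limit and expiry and can be revoked without affecting the others.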