Reject machine-to-machine traffic using custom metadata ACL rules
# ACL block that matches users belonging to the "administrators" group.
# NOTE(review): indentation appears to have been lost on this page; in the real settings file
# access/index/metadata presumably nest under "kibana:" - confirm against the original config.
- name: ADMIN_GRP
groups_any_of: [ administrators ]
kibana:
access: admin
# Index name is templated with the group resolved for the current request.
index: '.kibana_@{acl:current_group}'
# Custom metadata attached to sessions matched by this block; the middleware on this page
# reads rejectBasicAuth from the identity session's metadata.customMetadata.
metadata:
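rejectBasicAuth: true

/**
 * Middleware that refuses HTTP Basic credentials for sessions whose ACL block
 * sets the custom metadata flag `rejectBasicAuth`.
 *
 * The flag is read from `req.rorRequest.getIdentitySession().metadata.customMetadata`
 * and the credential scheme from the `authorization` entry of
 * `req.rorRequest.getHeaders().getAuthorizationHeaders()`.
 *
 * @param {object} req - incoming request; `req.rorRequest` may be absent.
 * @param {object} res - response, used to send the 401 JSON body.
 * @param {Function} next - invoked when the request may continue.
 * @returns {Promise<*>} the result of `res.status(401).json(...)` or of `next()`.
 */
async function customMiddleware(req, res, next) {
  const rorRequest = req.rorRequest;

  // Without an identity session there is no per-group flag to enforce. The earlier
  // version dereferenced `metadata` unguarded, so such a request threw inside an
  // async handler instead of reaching next().
  const session =
    rorRequest && typeof rorRequest.getIdentitySession === 'function'
      ? rorRequest.getIdentitySession()
      : null;
  const customMetadata = session && session.metadata && session.metadata.customMetadata;
  if (!customMetadata || !customMetadata.rejectBasicAuth) {
    return next();
  }

  // NOTE(review): the earlier guard tested `rorRequest.getAuthorizationHeaders` while the
  // call went through `rorRequest.getHeaders().getAuthorizationHeaders()`. If the guarded
  // property does not exist, the header was never read and the policy silently did nothing.
  // The guards below follow the call chain actually used - confirm against the request API.
  const headers = typeof rorRequest.getHeaders === 'function' ? rorRequest.getHeaders() : null;
  const authorizationHeaders =
    headers && typeof headers.getAuthorizationHeaders === 'function'
      ? headers.getAuthorizationHeaders()
      : null;
  const headerAuth =
    authorizationHeaders && typeof authorizationHeaders.get === 'function'
      ? authorizationHeaders.get('authorization')
      : undefined;

  // Auth scheme names are case-insensitive, so match the scheme token at the start of the
  // value rather than the substring 'Basic': a differently-cased scheme must not slip past
  // the policy, and a token of another scheme that merely contains "Basic" must not trip it.
  const basicScheme = /^\s*basic(\s|$)/i;
  const headerValues = Array.isArray(headerAuth) ? headerAuth : [headerAuth];
  const isBasicAuth = headerValues.some(
    (value) => typeof value === 'string' && basicScheme.test(value)
  );

  if (isBasicAuth) {
    return res.status(401).json({ message: 'Machine to machine communication is not allowed' });
  }
  return next();
}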