schleuder-api-daemon: use unix-domain sockets instead of listening on the loopback by default
https://schleuder.nadir.org/docs/ says:
By default schleuder-api-daemon listens only to localhost and does not authenticate requests. […] The Schleuder API uses API-keys to authenticate clients — if transport encryption is enabled (and only if).
This means that anyone on the local machine can manipulate schleuder however they like.
This is not a sensible default for a machine that might be shared.
The simplest default would be to listen only on a unix-domain socket (not on the loopback) and to control access to that socket with filesystem permissions. Maybe /run/schleuder/api is a good place. By default, I'd say make that socket only accessible to the schleuder user.
This lets schleuder-cli avoid api-keys entirely for the service on the local machine, and it would allow schleuder-api-daemon to use SO_PEERCRED as an authentication mechanism in the future if it wanted to grant different system users different authorization.
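To show what the proposed default looks like in practice, here is an added Ruby sketch (not Schleuder's code, and not the schleuder-api-daemon protocol): a listener bound to a unix-domain socket whose file mode restricts who may connect at all, plus a per-connection check of the peer's uid obtained from the kernel via SO_PEERCRED (Ruby exposes it as UNIXSocket#getpeereid). The socket path, the one-line request/reply format and the demo helper are assumptions made for the example.

```ruby
require "socket"
require "fileutils"
require "tmpdir"

# Added example, not Schleuder's own code. A minimal API listener on a
# unix-domain socket. Access is controlled by the socket file's mode and,
# per connection, by the peer's effective uid (SO_PEERCRED on Linux).

# Create the listening socket so that only the owning user can connect.
# The umask is restricted *before* bind so the socket file never exists,
# even briefly, with wider permissions than intended.
def open_api_socket(path)
  FileUtils.rm_f(path)                 # stale socket from an earlier run
  old_umask = File.umask(0o077)
  begin
    server = UNIXServer.new(path)
  ensure
    File.umask(old_umask)
  end
  File.chmod(0o600, path)              # belt and braces: owner-only
  server
end

# Serve one request and return a hash describing the decision. The peer's
# uid is reported by the kernel, so a client cannot forge it; no API key
# is needed for local callers.
def handle_one_request(server, allowed_uids)
  client = server.accept
  peer_uid, _peer_gid = client.getpeereid
  request = client.gets&.chomp
  if allowed_uids.include?(peer_uid)
    client.puts("OK #{request}")
    { peer_uid: peer_uid, authorized: true, request: request }
  else
    client.puts("DENIED")
    { peer_uid: peer_uid, authorized: false, request: request }
  end
ensure
  client&.close
end

# Client side: what a local CLI would do, with no API key at all.
def api_call(path, request)
  UNIXSocket.open(path) do |sock|
    sock.puts(request)
    sock.gets&.chomp
  end
end

# Run one server/client round trip in a temporary directory and return
# [reply seen by the client, server's decision, socket file mode].
def demo(allowed_uids = [Process.euid])
  path = File.join(Dir.mktmpdir("api-sock-demo-"), "api.sock")
  server = open_api_socket(path)
  results = []
  t = Thread.new { results << handle_one_request(server, allowed_uids) }
  reply = api_call(path, "lists")
  t.join
  server.close
  [reply, results.first, File.stat(path).mode & 0o777]
ensure
  FileUtils.rm_rf(File.dirname(path)) if path
end

if __FILE__ == $0
  reply, decision, mode = demo
  puts "socket mode: %o" % mode
  puts "reply: #{reply}"
  puts "decision: #{decision.inspect}"
  # Pretend a different uid is the only one allowed: our own call is refused.
  reply, decision, _ = demo([Process.euid + 1])
  puts "reply when our uid is not allowed: #{reply} (#{decision.inspect})"
end
```

The file mode is the coarse gate (other local users cannot even connect), while the SO_PEERCRED check is the finer one that would let the daemon hand different system users different authorization later, as the proposal suggests.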