
[Feature] Restrict plugin upload endpoint to admin role #4149

@byteoverride

Description

Feature Request

Checked the docs and existing issues. The plugin upload endpoint (/api/plugin) does not have role-based access control configured in sureness.yml. Every other API path has explicit role mappings. Suggesting this endpoint gets the same treatment for consistency and defense-in-depth.

Is your feature request related to a problem? Please describe

The POST /api/plugin endpoint is currently accessible to any authenticated user including the guest role. Since plugin upload loads custom JAR code into the JVM via ServiceLoader, having no role restriction means any compromised low-privilege account has the same plugin management access as an admin.

Describe the solution you'd like

Add explicit role mappings for the plugin endpoint in sureness.yml, restricting plugin management to admin users only:

  • /api/plugin/**===get===[admin]
  • /api/plugin/**===post===[admin]
  • /api/plugin/**===put===[admin]
  • /api/plugin/**===delete===[admin]

Describe alternatives you've considered

An alternative would be adding a dedicated permission like plugin:manage that can be assigned to specific roles, giving operators more flexibility over who can upload plugins without granting full admin access.

Additional context

This is a defense-in-depth suggestion. The current security model grants all users management permissions, but as HertzBeat adoption grows, organizations may want finer-grained control over who can upload custom code into the runtime. Every other API path in sureness.yml has explicit role mappings, so adding one for /api/plugin would make the configuration consistent.
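An added example (not HertzBeat or sureness code) that evaluates rule lines in the `path===method===[roles]` format quoted above against sample requests, so the effect of the proposed mappings can be checked before editing the real file. The Ant-style `/**` matching and the treatment of unmapped paths as reachable by any authenticated role are the example's own simplified assumptions, chosen to mirror the situation the post describes.

```python
import re

# Constructed excerpt in the sureness.yml resourceRole line format (not the real file).
CURRENT_RULES = [
    "/api/monitor/**===get===[admin,user,guest]",
    "/api/monitor/**===post===[admin,user]",
    "/api/alert/**===delete===[admin]",
]

# The four mappings proposed in the issue, appended to the excerpt above.
PROPOSED_RULES = CURRENT_RULES + [
    "/api/plugin/**===get===[admin]",
    "/api/plugin/**===post===[admin]",
    "/api/plugin/**===put===[admin]",
    "/api/plugin/**===delete===[admin]",
]

RULE_RE = re.compile(r"^(?P<path>\S+?)===(?P<method>[a-zA-Z]+)===\[(?P<roles>[^\]]*)\]$")


def parse_rule(line):
    """Split one rule line into (path pattern, lower-case method, set of roles)."""
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable rule: {line!r}")
    roles = {r.strip() for r in m.group("roles").split(",") if r.strip()}
    return m.group("path"), m.group("method").lower(), roles


def pattern_to_regex(pattern):
    """Simplified Ant matching: '/**' = any sub-path (or nothing), '*' = one segment."""
    regex = re.escape(pattern).replace(r"/\*\*", "(?:/.*)?").replace(r"\*", "[^/]*")
    return re.compile("^" + regex + "$")


def find_roles(rules, method, path):
    """Roles permitted by the first rule matching (method, path), or None if unmapped."""
    for line in rules:
        rpath, rmethod, roles = parse_rule(line)
        if rmethod == method.lower() and pattern_to_regex(rpath).match(path):
            return roles
    return None


def decide(rules, method, path, role):
    """'allow' / 'deny' from the matching rule; 'unrestricted' when no rule covers the request
    (assumption: an unmapped path is reachable by any authenticated role, as the issue describes)."""
    roles = find_roles(rules, method, path)
    if roles is None:
        return "unrestricted"
    return "allow" if role in roles else "deny"


def unmapped_endpoints(rules, endpoints):
    """Audit helper: (method, path) pairs that no rule covers, i.e. candidates for a missing mapping."""
    return [(m, p) for m, p in endpoints if find_roles(rules, m, p) is None]
```

Running `unmapped_endpoints` over a list of known API paths is a quick way to spot any other endpoint that lacks an explicit mapping.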
