Feature proposal #6683closed
Implement web store functionality
This should force the web store template. Probably should block multi-package downloads, but that can be tested further on implementation. It needs to be able to give CB and Joomla download by url a download url that works. Since it's a GET request it'll have no user data. So the URL needs to use an access token. The access token should use the following criteria.
1. Be linked to the user
2. Be linked to the package
3. Single use
4. Short lived
So for example you'd have user_id | token | date database table. The token should only last probably 5-10 minutes (make a param for this). Once used it must delete (maybe support a param for number of uses?). The token then causes the download to be subject to access/condition checks against the stored user id.
Updated by krileon almost 4 years ago
Token system should be implemented into PKB to provide domain restricted tokens. Basically once a domain is attached to a token it can only be used on that domain. The token can be refreshed to reset this. Token will be on JP and supplied in CB > Configuration > Integrations for them to enable web store access. The domain limitation is a means to block token sharing to circumvent subscribing. Token should just be sent with JSON request.
Note this means a lot of the functions rebuilding user objects probably need a means of sending a user id.