Exposing Electric / locking down with pluggable token generation and verification functions?

[thruflo]

I was thinking about how Electric is exposed when using Electric.Phoenix and how to add auth in a flexible way.

Atm, I believe we just expose Electric generally and the Plug(and Component)s are just a way of sharing some config that the client can use to connect? So is it the case that, currently, once installed as a dependency, Electric is automatically served (thereby exposing your database if not locked down?). Or do/should we have something explicit, like a config flag, to expose it?

If the pathway to locking down access to an embedded Electric is to add token verification capability to it and then generate tokens as part of the client config, then it occurs that we can add that token verification logic to Electric.Phoenix and run as middleware in front of the embedded Electric.

If we make the token generation and validation pluggable (so in production, if using a CDN to authorise Electric access, you could change your token generation function and in development you could just use a simple Phoenix.Token approach that we provide), we could add auth without upstreaming into Electric (to start with).