Hey
At DeSci Labs, we need to expose a public RPC endpoint to get our libs (nodes-lib, codex-lib) to work without the user having to setup their own C1 nodes. This needlessly raises the bar for end users to interact with data on Ceramic.
As far as I know, the C1 RPC is not safe to expose publicly, which makes this difficult to do. I see two possible solutions:
- We expose the RPC API with reverse proxy configured with a route whitelist, that limits what RPC functionality can be triggered by third parties.
- The C1 daemon implements a
CERAMIC_ONE_PUBLIC_BIND_ADDRESS
configuration variable, exposing a safe subset of the RPC API on a separate port.
For 1, we’d like to know what routes are safe & necessary to expose for the ModelInstanceClient to function properly.
Ideally, we would like to see option 2, as the lack of a public endpoint is a design flaw in my opinion. If this is possible, we’d likely need a quick fix in the form of 1 meanwhile to allow us to progress.