search

RocketChat / feature-requests

This repository is used to track Rocket.Chat feature requests and discussions. Click here to open a new feature request.
21 stars 9 forks source link

Disabling web interface #277

Open duszek94 opened 5 years ago

duszek94 commented 5 years ago

Hi, at the beginning thanks for a great server

I have a question. Is there any configuration that allows to disable web interface of Rocket.Chat? If no, whether there is any other way to do such a thing?

Thanks for help

nisargkdesai commented 5 years ago

@duszek94 make one new web page and integrate Rocket Chat with Iframe inside this page. and write script that i frame part only should visible if user is visiting here from mobile or tablet devices.

for integrating Rocket Chat in other page through Iframe. https://rocket.chat/docs/developer-guides/iframe-integration/

for detecting device with Javascript. https://stackoverflow.com/questions/11381673/detecting-a-mobile-browser

hope that helps.

MIKI785 commented 5 years ago

The question was how to disable the web interface, not how to embed it. I'm not sure why would you want that, because it makes it basically useless.

geekgonecrazy commented 5 years ago

I don’t think a way to disable. You could always just configure your proxy to only proxy /api and /websocket through

nisargkdesai commented 5 years ago

The question was how to disable the web interface, not how to embed it. I'm not sure why would you want that, because it makes it basically useless.

I understand it. i just tell to embed that with guide to detect mobile browser that one can manipulated its visibility through web and mobile differently.

shirohige commented 4 years ago

The question was how to disable the web interface, not how to embed it. I'm not sure why would you want that, because it makes it basically useless.

Only admin user can access the web portal, other users use the system via a Mobile device only. Now does it sound like a useful feature?

reetp commented 4 years ago

This should probably be closed, or moved.

Rocket.Chat works as expected without an error.so this is not a bug.

New feature requests should be opened here: https://github.com/RocketChat/feature-requests/issues

bellegarde-c commented 4 years ago

I do like this with a custom JavaScript (Admin -> Appearance -> Custom Script):

if (navigator.userAgent.search("Electron") == -1) {
    alert("Please download Rocket Chat");
    document.location.href="https://rocket.chat/install/"; 
}
codefist commented 4 years ago

I do like this with a custom JavaScript (Admin -> Appearance -> Custom Script):

if (navigator.userAgent.search("Electron") == -1) {
  alert("Please download Rocket Chat");
      document.location.href="https://rocket.chat/install/"; 
}

yes, perfect! I did this, for logged in and logged out users, but without the alert. I didn't even want my users to have a shred of hope of using it via web (to prevent confusion).

parteek-johal commented 3 years ago

@codefist Were you able to allow certain user types to continue to access via the web (i.e. admins, etc)?

secnigma commented 3 years ago

I do like this with a custom JavaScript (Admin -> Appearance -> Custom Script):

if (navigator.userAgent.search("Electron") == -1) {
  alert("Please download Rocket Chat");
      document.location.href="https://rocket.chat/install/"; 
}

Thankyou for your comment. With this as a reference, I was able to create a quick and dirty Javascript snippet to restrict login of a specific user from Rocket-Chat web site.

My use case: I wanted to restrict login from my chatbot's account to RocketChat's web site. However, I still wanted the chatbot to be allowed to login in other ways. Since, this was a home-lab kinda setup, javascript validation was enough.

I am posting the snippet below to help people from the future.

Fair Warning: Javascript validation is not a secure validation technique and can be easily bypassed.


// Function to get cookie by name
function getCookie(name) {
  const value = `; ${document.cookie}`;
  const parts = value.split(`; ${name}=`);
  if (parts.length === 2) return parts.pop().split(';').shift();
}
// Initialize XMLHttpRequest
var xhttp = new XMLHttpRequest();

//Save value of cookie rc_token to variable token
var token = getCookie("rc_token");
//Save value of cookie rc_uid to variable uid
var uid = getCookie("rc_uid");

// uid is compared to a specific hardcoded rc_uid of my chatbot.
// This is not optimal, but it was more than enough to prevent login of my chatbot account, via web console.

if(uid==="asdadae"){
// If cookie.rc_id==uid of chatbot,
// then a POST request to /api/v1/logout is made with the bot's uid and token as headers.

xhttp.open("POST", "/api/v1/logout", true);
xhttp.setRequestHeader("X-Auth-Token", token);
xhttp.setRequestHeader("X-User-Id", uid);
xhttp.send();
// OPTIONAL: Just a fancy alert message.
alert("Nice Try Skynet! Bots are not allowed to login via Web Console!");
}
else{
// OPTIONAL: Just a fancy console message.
console.log("Normal Login.");
}```