ad3m3r5 / scratch-map

An open-source scratch-off style map to track your travels.
GNU Affero General Public License v3.0

Simple kind of login to prevent visitors from scratching #4

Open natrius opened 1 year ago

natrius commented 1 year ago

A simple kind of login would be good to prevent some visitors from accidentally scratching something. So, by default it's "read only" and just with the login or the url-parameter it's possible to scratch. Later on maybe a multi-user thing?

Easy might also be a 'look' and 'edit' mode so you have to press a button to be able to scratch. That might be the easiest and quickest solution right now.

(Nice project btw :) )

skylandr commented 1 year ago

I second that :)

ad3m3r5 commented 1 year ago

I originally had this implemented, but scrapped it for the "simplicity" of the project. Do you think it should be in the baseline or as a second version?

Between full authentication or a simple read/write mode toggle, which do you prefer?

Lockszmith-GH commented 1 year ago

Sharing is part of the self-hosting paradigm - so I +1 this as well, but I vote for simplicity at this point - you have a great simple app here - keep it simple.

How about having a URL that is read only - this way the reverse proxy can deal with access to view pages vs edit/admin pages.

For example: readonly pages:

https://mymap.example.com
https://mymap.example.com/worldmap
http://kateryna.lan:23413/statemap

and editable pages:

https://mymap.example.com/admin/worldmap
http://kateryna.lan:23413/admin/statemap

And we can configure our reverse proxy however we want.

ad3m3r5 commented 1 year ago

@Lockszmith-GH - As for implementation, I could see this best being completed as:

Have a /share/<mapname> route that doesn't load any of the :hover styling or interactive JavaScript functions, so it will appear just as a view-only map.

Then, in your reverse proxy config, you can block external access to the POST /scratch endpoint and the standard /<mapname> endpoint.

Although, I still think at that point, a full authentication/authorization scheme should be implemented.
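
A reverse-proxy sketch of the split proposed in this comment, added here as an example and not taken from the thread or from the project's code. It assumes nginx in front of the app, the proposed `/share/<mapname>` route (not confirmed to exist), map pages living at single-segment paths, a trusted LAN of `192.168.0.0/16`, and the upstream port from the example URL earlier in the thread.

```nginx
# Added example: all addresses, names and the /share/ route are assumptions.
server {
    listen 80;                      # TLS directives left to the deployment
    server_name mymap.example.com;  # hostname from the thread's example URLs

    # Interactive map pages and the write endpoint are single-segment
    # paths without a dot (/worldmap, /statemap, /scratch). Only trusted
    # networks may reach them at all, whatever the HTTP method.
    # Assumption: static files have an extension or live in a subdirectory,
    # so they do not match this pattern.
    location ~ ^/[^/.]+$ {
        allow 127.0.0.1;
        allow 192.168.0.0/16;       # assumed LAN range, replace with yours
        deny  all;

        proxy_set_header Host $host;
        proxy_pass http://127.0.0.1:23413;
    }

    # Everything else (/, /share/<mapname>, static files) is readable by
    # anyone, but only with GET/HEAD. Any other method from outside the
    # trusted networks is refused, so a write endpoint that the pattern
    # above misses still cannot be called by visitors.
    location / {
        limit_except GET {
            allow 127.0.0.1;
            allow 192.168.0.0/16;
            deny  all;
        }

        proxy_set_header Host $host;
        proxy_pass http://127.0.0.1:23413;
    }
}
```

Leaving the hover styling and JavaScript out of the shared page only changes what visitors see; the `deny` rules are what stop a direct `POST /scratch`. If nginx sits behind another proxy or CDN, `allow`/`deny` see that proxy's address unless the real client IP is restored first.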

mariuskimmina commented 1 year ago

This would be really useful, I'd love to have a read-only version to share with the world.

Lockszmith-GH commented 1 year ago

I would also add, a read only non-authenticated view would be great as an embedded component.