Basic instructions on authorization

akahuku / wasavi

wasavi is an extension for Chrome, Firefox, and Opera. wasavi changes a textarea element to virtual vi editor which supports almost all the vi/ex commands.

http://appsweets.net/wasavi/

Other

1.51k stars 66 forks source link

Basic instructions on authorization #78

Open quicknir opened 9 years ago

quicknir commented 9 years ago

Hello, I love your app. Great stuff. Would you be able to give basic instructions on how to authorize it for google docs or dropbox? Don't really know where to start. Btw typing this in vim as we speak and it's awesome!

akahuku commented 9 years ago

Thank you for trying wasavi. To read/write a file on the online storage via wasavi,

Navigate to http://wasavi.appsweets.net/
Just enter the command to read or write a file like vi: :edit <filename>, :read <filename>, :write <filename> or :file <filename>. Then authentication page of each storage will open.
In a textarea on each web page, only :read command can be used.

psivesely commented 8 years ago

I don't think Google docs uses a textarea element. Also, I tried to see if your site had an HTTPS version, because I would never want to authenticate over HTTP (or mixed HTTPS if the authentication was still done somehow over HTTPS), and value-domain.com decided not only to insert it's own non-matching-domain certificate on your behalf, but when I ignored the warning for sake of exploration, I noticed that they decided to inject some advertising on your site while they're at it. Shitty business practices if you ask me. Anyway, assuming there is no way to use Google docs with wasavi, but please let me know if I'm wrong.

akahuku commented 8 years ago

Thank you. I don't know a relation between wasavi and Google Docs, but I'm interested in a relation between wasavi and SSL.

Following URLs should be accessed via https, but these are not so:

http://wasavi.appsweets.net/ - a special URL for wasavi app mode
http://appsweets.net/authorized.html - a callback URL when connecting to a online storage

The reason that these URL don't use SSL is the cost, and I was looking for a good solution.

So I decided to use cloudflare. Addresses above mentioned will be accessed via https by next release of wasavi (Of course, since the cloudflare's FlexibleSSL is not a perfect security solution, you may not be satisfied...)

psivesely commented 8 years ago

You can get a free certificate from https://letsencrypt.org/. The whole certification creation process is automated with a free software tool you can download from their site as well. I've heard the whole process is pretty quick and painless.

I guess Flexible SSL protects against coffeeshop snoopers, but not against ISPs and intrusive governments. It really bends the idea of what SSL is supposed to be. I would just do it right if I were you... just saying :wink:

akahuku commented 8 years ago

Let's Encrypt was also one of the choices. But, it requires root privileges and appsweets.net is not a dedicated server. This is also the cost issue.

I'd like to assign only the money which wasavi got to development of wasavi, or maintenance of a server. And in the pace of current donation, it is difficult to maintain a full SSL.

psivesely commented 8 years ago

I think it's pretty standard to get root on your VPS if you ask.

Just giving you options. You do what works best for you though :+1: