Closed skimpax closed 2 years ago
That shouldn't be too hard to implement... so a global variable that's something like: APPRISE_STATEFUL_READONLY
which defaults to zero (0) which is off. But you can set to say one (1) to prevent further changes to when set this way.
Alternatively another solution would be for the Apprise API to look for a .lock
file that was manually placed by the Administrator in the /config
directory. It would work something like the .gitignore
file does, you could next it on just individual configuration locations, or you could park the file globally (one directory level up to apply to them all).
Another solution (you can do this already), is to just park an NginX server in-front of your Apprise and slap a login/password so only authenticated users can set/change your configuration. Your Apprise URLs (to access the API just change from:
http://host/notify
to http://user:pass@host/notify
if your configuration (assuming you're using the Apprise CLI).Thoughts?
I would like to avoid to involve a new third party like nginx to add the feature, so I would rank this proposal as last for my own case. The second proposal seems less explicit than first, less understandable for apprise users. So my preference is the for the first solution, which looks more immediate as an apprise user. That's just my own poll! Thanks.
I think you'll be happy with the last merge request. It addresses your concerns (for now it's just in the master
branch. I'll need to work out the issue taking place (completely different subject) with cryptography
which is preventing the docker container from building anymore.
I'm very sorry for taking so long to get to your issue.
:bulb: The Idea Once my whole configuration has been setup (persistent mode), I would like to be able to run apprise-api on that configuration, but disabling any further configuration modification (a kind of 'READ-ONLY mode' or 'admin mode'). My goal is to avoid that someone alterates that configuration.
Here would be targeted use case:
In that later mode, only notify is allowed to clients, maybe some GET commands, as long as they do not modify the configuration and do not expose sensible info (eg. account/password))
Maybe the naming could also be 'open mode' vs 'notify mode'... or whatever...
Thanks for apprise tool!