damongolding / immich-kiosk

Immich Kiosk is a lightweight slideshow for running on kiosk devices and browsers that uses Immich as a data source.
GNU Affero General Public License v3.0

Added password parameter for basic authentication #32

Closed RenanGreca closed 3 months ago

RenanGreca commented 3 months ago

Hi! First of all, congrats on the new baby! No rush for this PR :)

I want to set up Immich Kiosk at my parents' house, pulling images from the Immich server at mine. Since I want to expose Immich Kiosk to the internet, but not let just any random person access my URL and see personal photos, I need some sort of authentication. I tried authenticating via my reverse proxy, but then if the session expires I don't want my parents to need to re-authenticate.

So I added a password parameter that can be configured via the config file or env variable. If it is set, incoming GET requests must contain a matching password parameter in the query. Otherwise, the Kiosk server just shows an error.

I don't think this is particularly secure, as I didn't implement any kind of encryption, but it should at least be sufficient to avoid random requests.

I'm happy to make changes if you have any suggestions!

damongolding commented 3 months ago

Awesome! I'll have a browse when I get some free time... but that might be a while 😅

damongolding commented 3 months ago

The more I think about this the more I think this should be in a middleware function. Echo has a key auth middleware we could leverage.

RenanGreca commented 3 months ago

You're right, there is a KeyAuth middleware that we could use. I'm experimenting with it, and I got it to work using curl calls from the terminal, setting the authorization header to contain the key.

However I'd like to launch the application using something like firefox --kiosk https://... and apparently there's no way to set the headers using this type of command? I'll continue to investigate for now.

In terms of implementation, the easiest route would be to set the key only as an environment variable. Do you think this value should necessarily be configured also via YAML?

damongolding commented 3 months ago

I also had a 5 minute play on the “auth” branch. It’s clunky and inelegant but I was able to use the middleware.

If I had the time my plan was to pass the page url params to the Home templ template, then loop them and add hidden input fields which HTMX’s hx-include would grab and add to the get request. Then I wouldn't need to set the password param to the hx-get request manually (which the branch does at the moment).

Doing so would allow me to use the Key Auth middleware to grab/check for the password param and also possibly render the CombineQueries method obsolete!

As for the yaml file. I was planning on adding a list with values that cannot be changed via queries. I started that process in the “immutable-config-options” branch. I think the password would fit great in there.

Forgive me if I’m not making much sense. I’m quite tired at the moment.

damongolding commented 3 months ago

I have merged my version of this into main!

But by all means have a look and let me know if you think it needs improving

RenanGreca commented 3 months ago

Cool! I've been running my fork locally for a few days and it's been working well, but I'll update the main release and give it a shot. I'll also take a look at the code and give suggestions if I have any, thanks!
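
An added example, not code from this PR or from Immich Kiosk: a standard-library net/http middleware (used here in place of Echo's KeyAuth so it runs without dependencies) that enforces the check discussed in the thread, taking the key from either the Authorization header or a password query parameter. The Bearer scheme, the function names and the sample secret are assumptions.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// requirePassword wraps next; an empty want disables the check (the thread's "if it is set").
func requirePassword(want string, next http.Handler) http.Handler {
	if want == "" {
		return next
	}
	wantSum := sha256.Sum256([]byte(want))
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// Key comes from the Authorization header (curl) or the "password" query parameter (kiosk browser).
		got := strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer ")
		if got == "" {
			got = r.URL.Query().Get("password")
		}
		// Hash both sides so the comparison is constant-time and does not leak length.
		gotSum := sha256.Sum256([]byte(got))
		if subtle.ConstantTimeCompare(gotSum[:], wantSum[:]) != 1 {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// statusFor sends one constructed GET through the middleware and returns the status code.
func statusFor(want, target, authHeader string) int {
	ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { fmt.Fprint(w, "slideshow") })
	req := httptest.NewRequest(http.MethodGet, target, nil)
	if authHeader != "" {
		req.Header.Set("Authorization", authHeader)
	}
	rec := httptest.NewRecorder()
	requirePassword(want, ok).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	const pw = "example-secret" // constructed value for the demo
	fmt.Println(statusFor(pw, "/?password="+pw, ""), statusFor(pw, "/?password=wrong", ""), statusFor(pw, "/", ""))
}
```

A key carried in the query string ends up in access logs, browser history and Referer headers, so it should be served only over TLS and treated as a shared secret that is easy to rotate.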