evcc-io / evcc

Solar Charging ☀️🚘
https://evcc.io
MIT License

Authentication: add read-only mode #17488

Open throny opened 4 days ago

throny commented 4 days ago

Is your feature request related to a problem? Please describe.
It's great to have the EVCC Dashboard available to everyone. However, it's possible for everyone to change the charging profiles and limits too.

Describe the solution you'd like
It'd be great to lock these features. Changing these values should only be possible when authenticated with the password provided.

Describe alternatives you've considered
Restrict access to the entire EVCC dashboard (with something like HTTP Basic Auth)

naltatis commented 4 days ago

We already have the account system (admin password) in place. We could provide a user setting to require authentication for all endpoints. Right now, it's only required for accessing logs or changing configuration.

Can you be more specific about what you would like protected or not? Read-only mode? Should everyone be allowed to see the charging situation and sessions/stats?

throny commented 4 days ago

Thanks for the quick response. Yes, it'd be great to lock more functions behind the admin password.

Basically, a read-only mode would be great. I'd love to see the charging configuration protected, like changing charging limits, the profiles (off/solar/fast), and changing the wallbox settings (phases, current).

naltatis commented 4 days ago

OK, thanks for your clarification. Implementing this should not be too complicated. However, we have a lot of other topics right now.

In the meantime, the way to go would be to add basic auth via a reverse proxy.
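
An added example, not part of the thread and not from the evcc project: an nginx reverse proxy that approximates the requested read-only mode by leaving GET/HEAD open and requiring HTTP Basic Auth for every other method. Assumptions: evcc listens on 127.0.0.1:7070, all state-changing requests use non-GET methods, live updates use a WebSocket upgrade, and the host name, certificate paths and htpasswd path are placeholders.

```nginx
# Added example (not evcc's own configuration). Include from the http {} context.
# Assumption: evcc is reachable only on loopback port 7070.

# Pass WebSocket upgrades through; plain requests get "Connection: close".
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 443 ssl;
    server_name evcc.example.org;                 # placeholder host name

    ssl_certificate     /etc/nginx/tls/evcc.crt;  # placeholder paths
    ssl_certificate_key /etc/nginx/tls/evcc.key;

    location / {
        proxy_pass         http://127.0.0.1:7070;
        proxy_http_version 1.1;
        proxy_set_header   Host       $host;
        proxy_set_header   Upgrade    $http_upgrade;
        proxy_set_header   Connection $connection_upgrade;

        # Read-only for anonymous users: GET (and therefore HEAD) pass
        # without credentials; POST, PUT, PATCH, DELETE and any other
        # method must authenticate.
        limit_except GET {
            auth_basic           "evcc changes";
            auth_basic_user_file /etc/nginx/evcc.htpasswd;  # placeholder
        }
    }
}

# Redirect plain HTTP so Basic Auth credentials are never sent in clear text.
server {
    listen 80;
    server_name evcc.example.org;
    return 301 https://$host$request_uri;
}
```

The split only holds if evcc itself cannot be reached around the proxy, so bind it to loopback or firewall its port. Any change that evcc accepts over GET or over the WebSocket connection would not be covered by this method-based rule.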