search

francescou / docker-compose-ui

web interface for Docker Compose
http://francescou.github.io/docker-compose-ui
MIT License
1.54k stars 228 forks source link

add full authentication #87

Closed thomas-lamure closed 7 years ago

thomas-lamure commented 7 years ago

I think that it would be great to authorize to block all the requests if the user is not authenticated

This is why I request this.

It is also possible to set a read only user (full-authenticate) and a read-write user (authenticate)

francescou commented 7 years ago

Hello @thomas-lamure, thank you for your contribution.

I am not really keen on managing authentication/authorization in docker-compose-ui. Actually, I plan to deprecate the current @requires_auth decorator.

In production environments, I use nginx in front of docker-compose-ui to add basic authentication. I've found this to be much more flexible: I can add authentication only for specific endpoints (e.g. everything except GET requests) or I can have multiple levels of authentication (e.g. guest, read-only and administrator accounts).

Do you think thi approach would it suit your needs?

thomas-lamure commented 7 years ago

Ok, no problem, i did the same, i was just proposing it for those who does not want to proxyfy their requests.