hummingbot / dashboard

Application that helps you create, backtest, deploy, and manage Hummingbot instances
Apache License 2.0

Feat/backend api security and minor fixes #188

Closed cardosofede closed 3 weeks ago

cardosofede commented 3 weeks ago

It is necessary to run the broker via Docker, and this version of the Backend-API via source or Docker: https://github.com/hummingbot/backend-api/pull/37

In this PR we should test the following things (it is necessary to do a fresh install of the environment):

  1. Auth system: change in CONFIG.py AUTH_SYSTEM_ENABLED to True by default (so you don't need to set up an env variable, or set the env variable, as you want) --> line 20 of the image. Test that the login is working well for admin abc, which is the default.

  2. Backend API security: as you can see, lines 24 and 25 were added to introduce two new env variables. By default, the user and pass are (admin, admin) for the Backend API. If you run the Dashboard you should be able to use it without problems. The next thing will be:

    • Changing the config in the backend api and running it again (check the .env file and change the username)
    • Changing the default from admin to something else

    In the last two scenarios, the dashboard should not work.

rapcmia commented 3 weeks ago

PR update:

rapcmia commented 3 weeks ago

Attached recording of XEMM Controller accessible when unauthorized:

https://github.com/user-attachments/assets/d1845fb8-f097-4bc4-9ceb-cc5d217a13fc

nikspz commented 3 weeks ago

0c9238a

Docker backend-api-PR37 + dashboard PR188

  1. Cloned PR188 and set AUTH_SYSTEM_ENABLED True
  2. Manually built docker image with docker build -t hummingbot/dashboard:development -f Dockerfile .
  3. Cloned backend-api-PR37 and manually built docker image with docker build -t hummingbot/backend-api:development -f Dockerfile .
  4. Cloned deploy repo and used setup_dev.sh to run dashboard

Actual: Reviewed, not asked for authentication
