Correct me if I'm wrong:
Right now this can only really be deployed behind a firewall or some additional auth, right? Even when repos are restricted to particular organizations or users, anyone with a Github account can log into your Strano installation and use it to fire stuff off using your ssh key.
This commit adds a new configuration option, open_login, which restricts users' ability to access the app at all, based on the user's github login or organization membership. This makes it much safer to deploy this excellent app on a publicly accessible server.
Also turned on disallow / in robots.txt, for philosophically similar reasons.
Correct me if I'm wrong: Right now this can only really be deployed behind a firewall or some additional auth, right? Even when repos are restricted to particular organizations or users, anyone with a Github account can log into your Strano installation and use it to fire stuff off using your ssh key.
This commit adds a new configuration option,
open_login, which restricts users' ability to access the app at all, based on the user's github login or organization membership. This makes it much safer to deploy this excellent app on a publicly accessible server.Also turned on
disallow /in robots.txt, for philosophically similar reasons.