kekskurse / go-mail-admin

HTTP-Interface with a small GUI for a Mailserver
GNU General Public License v3.0

Missing dependencies in compilation guide #4

Closed fnetX closed 4 years ago

fnetX commented 4 years ago

Hey,

I'm neither a node pro nor experienced with go dependencies, so I had some trouble when trying to build your project. After solving some issues with outdated node and npm versions, I apparently had to satisfy these two additional dependencies which are not mentioned in the building steps.

npm install --save chart.js
go get github.com/99designs/basicauth-go

Please check and consider mentioning them if they are really necessary for building go-mail-admin as it might save someone's nerves :wink: Thank you.

kekskurse commented 4 years ago

Hey,

thanks for your message.

It seems that "vue-chartjs" was also missing in the package.json. I added both to the package.json.

The go dependency is added in the readme.md. I will try to add go mod to this project soon so that the go dependencies can also be installed with one command.

fnetX commented 4 years ago

But in the end I'm not even sure if I'm happy with this basicauth library. It looks unmaintained and even if the open issue about a timing attack is not likely to happen to my mail server control panel, I'll have to reconsider if it appears safe enough for me ...

kekskurse commented 4 years ago

Yes, it's not perfect. It was just a short hack; when I started, it was in a VPN where it was not so important.

I think it would be easy to add a login endpoint where the credentials are checked and then use some kind of session store. The idea of adding a "bigger" auth system would require adding some database table, and I think that will make the installation more complex.

What would be your preferred solution?

fnetX commented 4 years ago

Well, either go for a single password as with rspamd and others or allow for login integration ... I'm pretty sure there are libraries that do support many methods.

Another interesting thing would be to extend the database mail address list to store another "admin_role" bit. You could use the provided db password and mail address as login credentials and allow those users that have the password bit set ...
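The timing concern and the "single password" option discussed in this thread can be illustrated with a small Basic Auth middleware that compares credentials in constant time. This is an added example, not code from go-mail-admin or basicauth-go; the names `credsMatch`, `basicAuth` and `statusFor` and the sample credentials are hypothetical.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// credsMatch compares in constant time. Hashing first gives both inputs a
// fixed length, so the comparison time does not depend on the secret's length.
func credsMatch(got, want string) bool {
	g, w := sha256.Sum256([]byte(got)), sha256.Sum256([]byte(want))
	return subtle.ConstantTimeCompare(g[:], w[:]) == 1
}

// basicAuth guards next with one admin account (the "single password" option).
func basicAuth(user, pass string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		u, p, ok := r.BasicAuth()
		// Run both comparisons before branching, so a wrong user is not rejected earlier than a wrong password.
		userOK, passOK := credsMatch(u, user), credsMatch(p, pass)
		if !ok || !userOK || !passOK {
			w.Header().Set("WWW-Authenticate", `Basic realm="admin"`)
			http.Error(w, "Unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// statusFor sends one request through h in-process and returns the HTTP status.
func statusFor(h http.Handler, user, pass string, send bool) int {
	req := httptest.NewRequest(http.MethodGet, "/", nil)
	if send {
		req.SetBasicAuth(user, pass)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	page := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { fmt.Fprint(w, "ok") })
	h := basicAuth("admin", "s3cret-example", page) // constructed sample credentials
	fmt.Println(statusFor(h, "admin", "s3cret-example", true), statusFor(h, "admin", "wrong", true), statusFor(h, "", "", false))
}
```

Keeping the configured password as a salted hash instead of plaintext is a separate hardening step that this sketch leaves out.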