lambrospetrou / tiddlyflare

Hosting platform for TIddlyWikis.
https://tiddly.lambros.dev
MIT License
5 stars 1 forks source link

Secure the wiki GET route #7

Open lambrospetrou opened 1 month ago

lambrospetrou commented 1 month ago
  1. Add in the admin UI an option to persist the token in a cookie for the domain.
  2. Extend the auth check to also attempt to read the token from the cookie if the header is not found.
  3. Add an auth check inside the WikiDO getFileSrc. With this, the user can choose which wikis should be publicly accessible, and which ones should be protected by the API key/cookie.

BTW, using the password encryption of TiddlyWiki is a quick surefire way to make sure even without this auth approach nobody can actually read the Tiddlers. See https://x.com/LambrosPetrou/status/1848648433382367578