Closed jb510 closed 2 months ago
Thank your for submiting, please be sure you followed template or your issue may be dismissed.
Authentication is available in ESP3D 2.1 and 3.0 but is not enabled by default : 2.1: https://github.com/luc-github/ESP3D/blob/2.1.x/esp3d/config.h#L88-L89 https://github.com/luc-github/ESP3D/?tab=readme-ov-file#default-configuration
3.0: https://github.com/luc-github/ESP3D/blob/2.1.x/esp3d/config.h#L88-L89 http://esp3d.io/esp3d/v3.x/documentation/authentication/index.html
The current mechanism is not the basic Auth - The login / password are send in POST then the FW keep tracking of the request of the IP and the Cookie generated by the IP and time. If no refresh between 3 min the cookie is revocate and need a new Login / password. Because there is no support of https for the moment this the best that can be done for the moment.
Is there any way to upload an .htaccess and .htpasswd file on v2 such that it is protected by basic auth?
No, the webserver is not httpd but espressif webserver which is very light due to MCU performance
If not, the super annoying question, how stable is 3.0 and could I use that instead?
2.1 is frozen version 3.0 is developement version but it is usable, several people use it - the choice is up to you
[!NOTE] WebUI is not a stand alone solution it go with corresponding FW and Specific Version WebUI 2.1 go with ESP3D 2.1, ESP3DLib 1.0, grblHAL WebUI 3.0 go with ESP3D 3.0, ESP3DLib 3.0, grblHAL and ESP3D-TFT 1.0
I read everything I could find and think I've inferred that v2 has no authentication capability. The v2 web UI is publically visible on the network, and literally anyone with network access as full control.
Reading the 3.0 documentation it sounds authentication is a feature there, and it sounds an awful lot like HTTP Basic Authentication.
Questions before I break things my first day using this.
Am I correct in my assumptions above?
Is there any way to upload an .htaccess and .htpasswd file on v2 such that it is protected by basic auth? If not, the super annoying question, how stable is 3.0 and could I use that instead?