search

opensemanticsearch / open-semantic-search

Open Source research tool to search, browse, analyze and explore large document collections by Semantic Search Engine and Open Source Text Mining & Text Analytics platform (Integrates ETL for document processing, OCR for images & PDF, named entity recognition for persons, organizations & locations, metadata management by thesaurus & ontologies, search user interface & search apps for fulltext search, faceted search & knowledge graph)
https://opensemanticsearch.org
GNU General Public License v3.0
941 stars 164 forks source link

Allowing user access to search list and fuzzy search while limiting access to management tools #457

Open pengchuan-lin-bp opened 1 year ago

pengchuan-lin-bp commented 1 year ago

Hello,

First of all, great work!

I tried to limit user access to management tools in OSS. I followed the instructions, and it worked great!

However, because search list and fuzzy search functionalities are both added via Django webapps, limiting user access to management tools under /search-apps also blocks out search list and fuzzy search functionalities as well, which is not ideal since they are not really management tools and should be open to the users.

After some online searching, I found a hacky way to allow user access to search list and fuzzy search while limiting access to management tools by modifying /src/open-semantic-search-apps/etc/opensemanticsearch-django-webapps/apache.conf:

    <If "-f '/etc/opensemanticsearch-django-webapps/.htpasswd'">

        AuthType Basic
        AuthUserFile /etc/opensemanticsearch-django-webapps/.htpasswd
        AuthName "Open Semantic Search"

        # The two lines below are added in
        SetEnvIf Request_URI /search-apps/morphology noauth
        SetEnvIf Request_URI /search-apps/search-list noauth

        <RequireAny>
            #The line below is added in
            Require env noauth
            Require valid-user
            Require ip 127.0.0.1
            Require ip ::1
        </RequireAny>

    </If>

The three lines that were added in will make exceptions for search list and fuzzy search based on their URL, but this method also introduces some issues:

  1. If and only if search and management tools both require authentications, then user can access search list and fuzzy search even without proper authentication for search. Basically, search authentication won't get checked because management tools authentication already exits, which gets bypassed anyway.
  2. The formatting of search list and fuzzy search page will be awkward because css files seems to have trouble loading.

Just raising this issue to because search list and fuzzy search shouldn't count as management tools in my opinion, as well as to help anyone that has similar issues.

mrdacina commented 1 year ago

Hello My Friend,

How can I do authentication with domain user and password?

Best Regards