search

pipes-digital / pipes

Repository for Pipes
https://pipes.digital
GNU Affero General Public License v3.0
264 stars 21 forks source link

restriction of users? #132

Closed Krotosz6 closed 8 months ago

Krotosz6 commented 1 year ago

Is there any way to limit the number of logins or the IP limit from which I can log in?

onli commented 1 year ago

Hi @Krotosz6 Do you run pipes-ce yourself and want to limit it, or is it about an account on pipes.digital?

For pipes.digital you would use your email address, for example rely on the account protection of gmail. I'm not sure that an IP limit is possible that way, but 2FA is.

Same thing if you host pipes-ce yourself. But then you could also change the configured portier broker to a self-hosted instance, which you can then protect however you want. To set this custom portier broker url you would edit the server.rb and add set :browserid_url, "http_path_of_the_broker" somewhere near the other configuration lines. Not ideal, but should work.

See https://github.com/portier/sinatra-portier for some information on how to configure the portier gem, and https://github.com/portier/portier-broker for the broker itself.

Krotosz6 commented 1 year ago

Hi @Krotosz6 Do you run pipes-ce yourself and want to limit it

Exactly. I would like to limit only to trusted users.

For pipes.digital you would use your email address, for example rely on the account protection of gmail. I'm not sure that an IP limit is possible that way, but 2FA is.

Same thing if you host pipes-ce yourself. But then you could also change the configured portier broker to a self-hosted instance, which you can then protect however you want. To set this custom portier broker url you would edit the server.rb and add set :browserid_url, "http_path_of_the_broker" somewhere near the other configuration lines. Not ideal, but should work.

thanks. I will try it. :)

See https://github.com/portier/sinatra-portier for some information on how to configure the portier gem, and https://github.com/portier/portier-broker for the broker itself.

thanks :)

onli commented 1 year ago

Maybe one idea more: If you host a ruby/sinatra app like pipes, there are often two layers of web servers: The ruby webserver (like puma) and the regular web server like nginx. I admit that I never really understood why it is done that way, but see https://www.digitalocean.com/community/tutorials/how-to-deploy-sinatra-based-ruby-web-applications-on-ubuntu-13 for an older example. Both these layers give you additional options to add access control, like IP limits in nginx, just don't forget to also whitelist your or the shared portier broker.

onli commented 8 months ago

I assume this is solved and close the issue. Please just re-open if the issue remains.