saltyorg / Sandbox

Saltbox Sandbox
GNU General Public License v3.0

use authelia for `stash` by default #210

Closed GiorgioBrux closed 1 year ago

GiorgioBrux commented 1 year ago

Description

Stash is an organizer for porn. Since no sane person would want their personal porn collection accessible by anyone on the internet, the default should be to protect it with authelia. Currently, the stash role isn't protected by authelia and the built-in auth isn't configured. This means that any rando can potentially take destructive actions like deleting stash's database or deleting files. This PR addresses this by adding authelia to stash in the defaults.

How Has This Been Tested?

Since this is a one-line trivial edit I've not tested it.

owine commented 1 year ago

There was some discussion on this in #194

Does a clean setup not prompt to set up auth/credentials?

GiorgioBrux commented 1 year ago

> Does a clean setup not prompt to set up auth/credentials?

The web setup does not.

What happens is that it realizes it's exposed to the internet without auth and stops serving requests until the user manually edits the config.yml and solves the problem. This should clearly be addressed in some way by the role, either by automagically using the credentials in account.yml, by using authelia, or something else.

GiorgioBrux commented 1 year ago

Setup screenshots:

![1](https://questionable.link/5R0qext33.png)
![2](https://questionable.link/5R0qlbPcp.png)
![3](https://questionable.link/5R0qs6X70.png)
![4](https://questionable.link/5R0qvjej3.png)
![5](https://questionable.link/5R0qxIccl.png)
![6](https://questionable.link/5R0qBag9E.png)
![7](https://questionable.link/5R0ru4O_Z.png)

owine commented 1 year ago

Thanks. Merging so it works out of the box.