schollz / find3

High-precision indoor positioning framework, version 3.
https://www.internalpositioning.com/doc
MIT License
4.64k stars 365 forks

Add secure authentication for users #92

Open eifinger opened 6 years ago

eifinger commented 6 years ago

Do you have any plans regarding authentication? I plan to use the GPS feature of the app to keep track of my phone when it's outside my home. But for that I will have to expose the server to the internet and right now everybody could create new families etc.

I would like to have an account with user/password (maybe even certificate) required in order to connect to the server and would prefer not to use my proxy server for that. What are your thoughts on that?

schollz commented 6 years ago

@eifinger Not really. The main use-case here is for LAN homes so that should be pretty good protection.

It's not too hard to add authentication though, but it needs to be added across the ecosystem (in the app, the CLI tool and the server). I have an idea of how to do this, but it's not really a priority for me personally. If you'd like though, I'd be happy to help guide you on how to do it.

eifinger commented 6 years ago

My first idea was something like https://stackoverflow.com/questions/5011102/apache-reverse-proxy-with-basic-authentication?utm_medium=organic&utm_source=google_rich_qa&utm_campaign=google_rich_qa. What would you suggest?

schollz commented 6 years ago

I think something like that would work. In fact you can do it very easily with something like Caddy (basicauth / user pw).

If you do that, then I believe all you need to do is add credentials to your endpoints - https://user:pw@cloud.internalpositioning.com/api/....

I haven't tried this yet, so I think there may be an issue. But let me know and I should be able to fix it.

Wykks commented 5 years ago

Tested, it's not working (with the Android client; the web UI works, of course). Done it with nginx, and it's sending back 401.
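Added example, not part of the thread and not find3's own code: a minimal Go reverse proxy that enforces HTTP Basic authentication in front of a backend, the setup discussed above, showing that the proxy answers 401 unless the request carries a valid `Authorization` header. The credentials, the `/api/placeholder` path and the stub backend are constructed for illustration.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/http/httputil"
	"net/url"
)

// basicAuthProxy forwards to upstream only for the expected Basic credentials.
func basicAuthProxy(upstream *url.URL, user, pass string) http.Handler {
	proxy := httputil.NewSingleHostReverseProxy(upstream)
	wantU, wantP := sha256.Sum256([]byte(user)), sha256.Sum256([]byte(pass))
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		u, p, ok := r.BasicAuth()
		gotU, gotP := sha256.Sum256([]byte(u)), sha256.Sum256([]byte(p)) // equal-length inputs
		okU := subtle.ConstantTimeCompare(gotU[:], wantU[:])
		okP := subtle.ConstantTimeCompare(gotP[:], wantP[:])
		if !ok || okU&okP != 1 {
			w.Header().Set("WWW-Authenticate", `Basic realm="restricted"`)
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		r.Header.Del("Authorization") // do not pass the proxy credentials upstream
		proxy.ServeHTTP(w, r)
	})
}

// probe returns the status for no credentials, a wrong password, and valid ones.
func probe() (none, wrong, good int) {
	backend := httptest.NewServer(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {})) // stub: empty 200
	defer backend.Close()
	target, _ := url.Parse(backend.URL)
	h := basicAuthProxy(target, "user", "constructed-pw") // constructed credentials
	get := func(u, p string) int {
		req := httptest.NewRequest("GET", "/api/placeholder", nil) // hypothetical path
		if u != "" {
			req.SetBasicAuth(u, p)
		}
		rec := httptest.NewRecorder()
		h.ServeHTTP(rec, req)
		return rec.Code
	}
	return get("", ""), get("user", "nope"), get("user", "constructed-pw")
}

func main() { fmt.Println(probe()) }
```

Basic credentials are only base64-encoded, so a proxy like this belongs behind TLS.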