sctg-development / sctgdesk-server

Rendez-vous server, API server and web console for Rustdesk 100% in Rust ( integrated version, for standalone see https://github.com/sctg-development/sctgdesk-api-server )
https://sctg-development.github.io/sctgdesk-api-server
GNU Affero General Public License v3.0
111 stars 20 forks source link

feat: control end need to login before access #12

Closed tonylu00 closed 1 month ago

tonylu00 commented 1 month ago

This commit provide "The control end need to login before access" feature.

close https://github.com/sctg-development/sctgdesk-api-server/issues/14

I made this because my service was used by a scammer. This caused my IP to be blocked by my ISP.

Usage: Use LOGGED_IN_ONLY=Y hbbs to start, or add LOGGED_IN_ONLY=Y to the environment.

If the client is logged in, the token in PunchHoleRequest is access_token, otherwise, it is empty. It only checks if the control side is logged in, not if the session is valid. The API side might need some modifications to provide a way to verify access_token, but I can't think of a way to do this.

aeltorio commented 1 month ago

hi @tonylu00 , thank you for your contribution. ronan