Open aivs opened 8 years ago
Hi, thanks for this feature request. It makes sense and I will add it in a future version.
Your App looks great - is this possible now? I would like to use it with Openhab, so authentication is crucial...
Sorry, I did not find any time yet (though it sure makes sense). The time for the feature is not the problem, but in the meantime a lot has changed for Swift and iOS.
The documentation of openHAB says that it does not (yet) support restricting access....
and it proposes to use basic authentication with nginx....it is just a proposal.
If you already run an nginx I would propose that you could use a workaround for the problem, i.e. use rewriting and map all commands. Use a password-like string as a prefix to the real path.
Instead of simply proxying everything
proxy_pass http://localhost:8080/;
extend the proxy rules and add a rewrite for the secured command, i.e.
rewrite /hereGoesAComplicatedUrlEscapedString/(.*) /$1 break;
Then you use http://exthost:port/hereGoesAComplicatedUrlEscapedString/original/command/path in the iControl Web configuration.
I am not an nginx expert. Test if the real commands are still passed. If yes, catch everything in a last rule and send it to the nirvana
rewrite /(.*) /non/existent/path break;
Keep in mind to always use https, because in both cases (complicatedPath or basic auth), the clear password would be visible to a MITM attack. (Not using https with the complicatedPathMethod is worse because URLs could be captured by proxies, browser history, etc). If you still want to use basic auth elsewhere, I propose that you create a dedicated virtual host and use name based virtual hosts.
You can also use this method to expose only a subset of commands, i.e.
rewrite /hereGoesAnotherComplicatedUrlEscapedString/ /url/to/real/command/one break;
rewrite /hereGoesAThirdComplicatedUrlEscapedString/ /url/to/real/command/two break;
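The workaround from the comment above as one complete server block, served over https only. This is an added example, not configuration from the app's author or from openHAB; it uses a prefix `location` with `proxy_pass` in place of the `rewrite` rules, and the host name and certificate paths are placeholders.

```nginx
# Added example: secret-prefix reverse proxy in front of a local HTTP API.
# Assumptions: backend on localhost:8080 (as in the thread), placeholder
# host name and certificate paths.
server {
    # TLS only. There is deliberately no plain-HTTP listener for this host,
    # so the secret prefix is never accepted over an unencrypted connection.
    listen 443 ssl;
    server_name exthost.example;                      # placeholder

    ssl_certificate     /etc/nginx/tls/fullchain.pem; # placeholder path
    ssl_certificate_key /etc/nginx/tls/privkey.pem;   # placeholder path

    # Requests that start with the secret prefix are forwarded. Because
    # proxy_pass carries a URI ("/"), nginx replaces the matched prefix
    # with it, so the backend sees /original/command/path.
    location /hereGoesAComplicatedUrlEscapedString/ {
        proxy_pass http://localhost:8080/;

        # The prefix acts as a password, so keep it out of the access log.
        access_log off;
    }

    # To expose only selected commands, map one secret path to one
    # backend URL with an exact-match location.
    location = /hereGoesAnotherComplicatedUrlEscapedString/ {
        proxy_pass http://localhost:8080/url/to/real/command/one;
        access_log off;
    }

    # Everything else, including direct requests to the real command
    # paths, is rejected instead of reaching the backend.
    location / {
        return 404;
    }
}
```

Run `nginx -t` before reloading, then confirm that a request to the real command path without the prefix returns 404.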
So entering a url like https://user:password@example.com isn't possible?
URLs like https://user:password@example.com are interpreted by the browser. So it is not possible. You have to go through the workaround or a VPN or anything else which can be used in infrastructure.
Therefore there would need to be code to interpret it.
any updates on this? I'd pay 5 € for this
Many SmartHome controllers use Basic authentication for access to the HTTP API. I use a Raspberry Pi with the Z-Way app to control my Z-Wave devices. Z-Way requires a login and password for HTTP commands. I know many other controllers that supported basic authentication, so the list of compatible SmartHome controllers will increase if you add support for sending HTTP commands with basic authorization.