Add basic authentication to the web console

shermand100 / PiNodeXMR

Monero Node for Single Board Computers with Web Interface and additional tools pre-configured. Self Installing.

GNU General Public License v3.0

213 stars 40 forks source link

Add basic authentication to the web console #68

Closed devinpearson closed 2 years ago

devinpearson commented 2 years ago

Add optional user authentication to the web console.

Suppose one uses the node on a publicly accessible network or in a shared environment. In that case, they should be able to enable basic authentication to prevent their node from being controlled.

shermand100 commented 2 years ago

Absolutely. Can this be made as an option at the end of the installer where a user chooses if they want to enable a password, and set it. The required package apache2-utils seems to be included with apache2 or Ubuntu but it can be added to the dependencies just in case that ever changes.

This project already uses a custom /etc/apache2/sites-enabled/000-default.conf file so adding the required settings should be easy. Note the updater script would also currently overwrite the 000-default.conf file if a user updates so re-configuration could be added to the updater, or find a way to make it persistent.

devinpearson commented 2 years ago

Here is a simple way to get this right with just apache https://www.digitalocean.com/community/tutorials/how-to-set-up-password-authentication-with-apache-on-ubuntu-14-04

shermand100 commented 2 years ago

I'd been playing with options and think I've covered user interactions I can think of:

User can set password
User can change password
User can Enable/Disable Password requirement
User can run PiNodeXMR Updater script and password requirement state is maintained

The method used here is clunky but functional in overwriting 000-default.conf with a file version with the required block (simply commented in/out):

<Directory "/var/www/html">
    AuthType Basic
    AuthName "Restricted Content"
    AuthUserFile /etc/apache2/.htpasswd
    Require valid-user
</Directory>

I tried messing around with removing the comment # tag from the desired lines with 'sed' string searches but actually got messier than just overwriting the file. As in this PR:

PR75

https://github.com/monero-ecosystem/PiNode-XMR/pull/75

Is there a better way. If it'll do the job then I'll merge it in.

shermand100 commented 2 years ago

Reviewing this feature request. Did some more basic testing:

From the terminal Settings Menu -> Extra network tools.

User can Create/Update a password for HTML Auth (Username is always 'pinodexmr')
User can enable the password requirement
User can disable the password requirement

As always we can re-open this should further development be needed.