skeeto / elfeed

An Emacs web feeds client
The Unlicense

Authentication system for elfeed-web #174

Open areina opened 8 years ago

areina commented 8 years ago

Hello!

It isn't critical, but it would be very nice if the elfeed web API had some kind of authentication. I don't know simple-httpd, so I don't know how difficult it is to implement this. Do you think it is possible?

Thanks

skeeto commented 8 years ago

It's definitely possible. HTTP basic access authentication is trivial and I've implemented it on simple-httpd before. However, TLS isn't something that's easy to retrofit onto simple-httpd, if you care about that.

In this case, I think an access token would be more appropriate than a username/password combo. Have elfeed-web generate a random token and add it to a list, which gets persisted somehow (configuration, customization?). Every POST/PUT/DELETE would require the token. Since there's no TLS, maybe we'd even want something like HOTP to prevent replay attacks (only an active MITM could mess things up).
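The scheme sketched in the comment above, as an added example that is not part of the thread and is not elfeed-web or simple-httpd code: a random token is used as an HOTP (RFC 4226) secret, only POST/PUT/DELETE are gated, and the server-side counter advances on every accepted code so a captured request cannot be replayed. It is written in Python rather than Emacs Lisp to keep it short and checkable; `TokenGate`, `authorize` and the look-ahead `window` are hypothetical names chosen for the illustration.

```python
import hashlib
import hmac
import secrets
import struct

# Methods that change state; reads stay open, as the comment proposes.
PROTECTED_METHODS = {"POST", "PUT", "DELETE"}


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class TokenGate:
    """Hypothetical server-side check for one client token."""

    def __init__(self, secret=None, window=3):
        # Random 160-bit token; it would have to be persisted with the counter.
        self.secret = secret or secrets.token_bytes(20)
        self.counter = 0      # next counter value the server will accept
        self.window = window  # tolerated number of codes lost in transit

    def authorize(self, method, code=None):
        if method.upper() not in PROTECTED_METHODS:
            return True
        if not code:
            return False
        for c in range(self.counter, self.counter + self.window + 1):
            expected = hotp(self.secret, c).encode()
            if hmac.compare_digest(expected, code.encode()):
                # Move past the accepted counter: this code and every
                # earlier one are now dead, which is the replay protection.
                self.counter = c + 1
                return True
        return False
```

A passive eavesdropper on the plaintext connection sees only spent codes; an active MITM can still intercept a fresh code and use it first, which is the limitation the comment notes.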