search

swingmx / swingmusic

Swing Music is a beautiful, self-hosted music player for your local audio files. Like a cooler Spotify ... but bring your own music.
https://swingmx.com
MIT License
666 stars 41 forks source link

Admin access ? #172

Open 123321mario opened 5 months ago

123321mario commented 5 months ago

hi! 👋

I hope you're all doing well. I've been using Swing Music and loving it so far! However, I've noticed a potential security gap that I think is worth addressing.

Currently, it seems like anyone can access the settings page. This could be a potential security risk, since people can access this from WAN if the --host argument is used...

I suggest implementing a simple user authentication system to control access to the settings (or maybe later to limit access to some folders). This would be cool to add since I usually share my music with my friends. It would be also nice if a guest access could be granted (login needed only for accessing settings)

Looking forward to seeing this in the future releases!

Cheers,

cwilvx commented 5 months ago

Hi @123321mario

Thanks for raising this issue. The authentication feature is lined to be added together with accounts (like Netflix) in the near future.

The feature will not land in the next release, but it's coming soon enough.

Thanks.