search

theia-ide / theia-apps

Theia applications examples - docker images, desktop apps, packagings
Apache License 2.0
1.04k stars 345 forks source link

Port changing + Password LogIn #427

Closed mawoka-myblock closed 3 years ago

mawoka-myblock commented 3 years ago

Hello Everyone,

juanbits commented 3 years ago

for protect your deploy, you can use a reverse proxy with nginx

marcdumais-work commented 3 years ago

Hi @mawoka-myblock

  • is there a way to change the port to a custom one (with docker)?

yes. when you launch a container, you can specify which host port will be used. For example, to use port 3456:

docker run -it --init -p 3456:3000  theiaide/theia:latest
  • is there an easy way to secure theia with a password login?

Short answer: none that I know of. Longer answer: what @juanremi said above is a good start. I've heard of users also using keycloak with the reverse proxy, but I do not know the details how it's configured, and may be overkill for your use-case.

juanbits commented 3 years ago

if you dont have nginx, and wanna add password, you can too modify the server.js inside your container and do something like the next:

return cliManager.initializeCli(argv).then(function () {
    const application = container.get(BackendApplication);
    application.use((req, res, next) => {
// -----------------------------------------------------------------------
// authentication middleware

const auth = {login: 'YOURUSERNAMEHERE', password: 'YOURPASSWORDHERE'} // change this

// parse login and password from headers
const b64auth = (req.headers.authorization || '').split(' ')[1] || ''
const [login, password] = new Buffer(b64auth, 'base64').toString().split(':')

// Verify login and password are set and correct
if (!login || !password || login !== auth.login || password !== auth.password) {
res.set('WWW-Authenticate', 'Basic realm="401"') // change this
res.status(401).send('Authentication required.') // custom message
return
}

// -----------------------------------------------------------------------
// Access granted...
next()

then save your file inside the container, and restart the container https://github.com/eclipse-theia/theia/issues/411

juanbits commented 2 years ago

in older versions this solution works, but now,this not is working (modify server.js):

    app.use((req, res, next) => {
// -----------------------------------------------------------------------
// authentication middleware

const auth = {login: 'shopeando', password: '@juancarlos456'} // change this

// parse login and password from headers
const b64auth = (req.headers.authorization || '').split(' ')[1] || ''
const [login, password] = new Buffer(b64auth, 'base64').toString().split(':')

// Verify login and password are set and correct
if (!login || !password || login !== auth.login || password !== auth.password) {
res.set('WWW-Authenticate', 'Basic realm="401"') // change this
res.status(401).send('Authentication required.') // custom message
return
}

// -----------------------------------------------------------------------
// Access granted...
next()

});

what can i do? because the server.js structure was modified in the latests versions

marcdumais-work commented 2 years ago

@paul-marechal any ideas?

paul-marechal commented 2 years ago

@marcdumais-work no specific idea as this sounds vague to me.

what can i do? because the server.js structure was modified in the latests versions

Then change the structure of your patch as well? You should still be able to add express middlewares to the application.

juanbits commented 2 years ago

this code works, just modify the function defaultServeStatic in the server.js file

function defaultServeStatic(app) {
    app.use((req, res, next) => {
// -----------------------------------------------------------------------
// authentication middleware

const auth = {login: 'USERNAMEHERE', password: 'PASSWORDHERE'} // change this

// parse login and password from headers
const b64auth = (req.headers.authorization || '').split(' ')[1] || ''
const [login, password] = new Buffer(b64auth, 'base64').toString().split(':')

// Verify login and password are set and correct
if (!login || !password || login !== auth.login || password !== auth.password) {
res.set('WWW-Authenticate', 'Basic realm="401"') // change this
res.status(401).send('Authentication required.') // custom message
return
}

// -----------------------------------------------------------------------
// Access granted...
next()

});
    app.use(express.static(path.resolve(__dirname, '../../lib')))
}