toniebox-reverse-engineering / teddycloud

teddyCloud is an open source server replacement for the Boxine Cloud
https://toniebox-reverse-engineering.github.io/docs/tools/teddycloud/
GNU General Public License v2.0

Add authentication check for boxes and webinterface users #85

Open SciLor opened 6 months ago

SciLor commented 6 months ago

Currently, teddyCloud doesn't authenticate users or boxes.

H3npi commented 2 months ago

Am I correct that all changes regarding the user/pass must be done within https://github.com/toniebox-reverse-engineering/teddycloud_web/tree/7052a82a09de5ab1e605cd2dbf01ac78eadd32d3?

SciLor commented 2 months ago

What do you mean by that? New developments are made in the develop branch

H3npi commented 2 months ago

Yeah sorry, I wanna look if I can contribute a PR, since I am interested in adding user/pass protection for the web interface.

The changes needed to be done are solely in the teddycloud_web repo, or am I wrong? Or do you want to authenticate all calls the webinterface does to the teddycloud backend?

Guess I'd start with looking into adding a login screen where default user+pass are created at first boot of teddycloud

SciLor commented 2 months ago

The backend needs to do the authentication, either via username and password or via client certificates.

But as a first step we could start protecting everything except the APIs used by the box (V1 / V2). I could prepare the backend for that.

If you are familiar with React, feel free to implement a login screen / initial setup page. I think it makes sense to use a token-based system, so the backend provides an API for first time setup + user / pass that results in a token that can be added as cookie / header later on. (JWT)
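The flow sketched in the comment above, as an added example that is not part of the thread or of teddyCloud's code: first-time setup, login that returns an HS256 JWT, and a request gate that exempts the box APIs. The `/v1/` and `/v2/` prefixes, the in-memory user store and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, os, time

SECRET = os.urandom(32)               # per-install signing key (assumption)
BOX_API_PREFIXES = ("/v1/", "/v2/")   # assumed paths of the box-facing APIs
USERS = {}                            # username -> (salt, PBKDF2 hash), in memory only

def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def sign(head: str, body: str) -> str:
    return b64(hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest())

def first_time_setup(user: str, password: str) -> bool:
    """Create the initial account; refuse once any account exists."""
    if USERS:
        return False
    salt = os.urandom(16)
    USERS[user] = (salt, kdf(password, salt))
    return True

def login(user, password, now=None, ttl=3600):
    """Return an HS256 JWT on valid credentials, else None."""
    salt, stored = USERS.get(user, (b"\0" * 16, b""))  # dummy salt keeps timing even
    if not hmac.compare_digest(kdf(password, salt), stored):
        return None
    now = int(time.time()) if now is None else now
    head = b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64(json.dumps({"sub": user, "exp": now + ttl}).encode())
    return f"{head}.{body}.{sign(head, body)}"

def is_authorized(path, token, now=None):
    """Gate for every request: box APIs pass, all else needs a valid token."""
    if path.startswith(BOX_API_PREFIXES):
        return True
    try:
        head, body, sig = token.split(".")
        if json.loads(unb64(head)).get("alg") != "HS256":  # pin the algorithm
            return False
        if not hmac.compare_digest(sign(head, body), sig):
            return False
        return json.loads(unb64(body))["exp"] > (int(time.time()) if now is None else now)
    except (AttributeError, ValueError, KeyError, TypeError):
        return False  # missing, malformed or non-ASCII token
```

The prefix exemption only holds if it is applied to the path after the server has normalized it, so that a request cannot reach a protected route through a box-API prefix.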

H3npi commented 2 months ago

Sounds like a plan to me.

Familiar would be too much, but I'll give it a try

SciLor commented 2 months ago

I have added some quick start docs to the teddycloud_web repo: https://github.com/toniebox-reverse-engineering/teddycloud_web/tree/develop

And as a first step I have added an option to expose the webinterface to http only. Expose webinterface via http only

boxcee commented 1 month ago

> And as a first step I have added an option to expose the webinterface to http only. Expose webinterface via http only

How can I set it to false? Just started a fresh installation of TeddyCloud and I cannot use flashing since the option doesn't load on the HTTP interface.

EDIT: I am running it as a docker container. Do I need to set an env or some entry in a config file?

henryk86 commented 1 month ago

> > And as a first step I have added an option to expose the webinterface to http only. Expose webinterface via http only
>
> How can I set it to false? Just started a fresh installation of TeddyCloud and I cannot use flashing since the option doesn't load on the HTTP interface.
>
> EDIT: I am running it as a docker container. Do I need to set an env or some entry in a config file?

You might set the settings level to 3 (expert) and then you should have that option available to set to disabled.

moritzschmitz-oviva commented 1 month ago

@henryk86 works, thanks!