Open SciLor opened 6 months ago
am i correct that all changes regarding the user/pass must be done within https://github.com/toniebox-reverse-engineering/teddycloud_web/tree/7052a82a09de5ab1e605cd2dbf01ac78eadd32d3 ?
What do you mean by that? New developments are made in the develop branch
Yeah sorry, I wanna look if I can contribute a PR, since I am intrested in adding user/pass protection for the web interface.
The changes needed to be done are solely in the teddycloud_web repo, or am i wrong? Or do you want to authenticate all calls the webinterface does to the teddycloud backend?
Guess I'd start with looking into adding a login screen where default user+pass are created at first boot of teddycloud
The backend needs to do the authentication, either via username and password or via client certificates.
But as first step we could start protecting everything except the APIs used by the box (V1 / V2) I could prepare the backend for that.
If you are familiar with react feel free to implement a login screen / initial setup page. I think it makes sense to use a token based system, so the backend provides an API for first time setup + user / pass that results in a token that can be added as cookie / header later on. (JWT)
Sounds like a plan to me.
Familiar would be too much, but I'll give it a try
I have added some quick start docs to the teddycloud_web repo: https://github.com/toniebox-reverse-engineering/teddycloud_web/tree/develop
And as a first step I have added an option to expose the webinterface to http only. Expose webinterface via http only
And as a first step I have added an option to expose the webinterface to http only. Expose webinterface via http only
How can I set it to false? Just started a fresh installation of TeddyCloud and I cannot use flashing since the option doesn't load on the HTTP interface.
EDIT: I am running it as a docker container. Do I need to set an env or some entry in a config file?
And as a first step I have added an option to expose the webinterface to http only. Expose webinterface via http only
How can I set it to false? Just started a fresh installation of TeddyCloud and I cannot use flashing since the option doesn't load on the HTTP interface.
EDIT: I am running it as a docker container. Do I need to set an env or some entry in a config file?
you might set the settings level to 3 (expert) and then you should have that option available to set to disabled
@henryk86 works, thanks!
Currently, teddyCloud doesn't authenticate users or boxes.