zero01101 / openOutpaint

local offline javascript and html canvas outpainting gizmo for stable diffusion webUI API 🐠
MIT License
509 stars 45 forks

[Feature Request]: Add the ability to specify authorization data in addition to the host #289

Open PhantomArt opened 5 months ago

PhantomArt commented 5 months ago

Is your feature request related to a problem? Please describe.

My AUTOMATIC1111 panel is open to the Internet via https and closed by authorization. I want to be able to connect to it from openOutpaint.

Describe the solution you'd like

I've written the details below.

Proposed workflow

The solution is to add an Authorization header to all HTTP requests, something like this:

headers["Authorization"] = "Basic " + btoa(username + ":" + password);

After this, the headers need to be passed to fetch.

I suggest adding optional username and password parameters and placing them in the interface as fields next to the host field.

Describe alternatives you've considered

About a year ago I found all the fetch calls in the code and hardcoded this header there in a hurry, and it worked. I don't remember if I had to change anything else in the code, but I remember that it didn't take long.

Additional context

No response

seijihariki commented 3 months ago

While easy to implement, we need to decide where this information would be persisted, if at all. If not persisted, authentication would have to be required on every refresh. If persisted, we could store the credentials in localStorage. Although that is a bit insecure, I don't think there are much better alternatives...

We can add a "remember me" on the login prompt so the user can choose whether to store the plaintext credentials or not (maybe with a warning).

What do you think, @zero01101?

zero01101 commented 3 months ago

@PhantomArt apologies for missing this for so long, i'm bad at this

@seijihariki O_O hey man! holy cow, how've you been? to be perfectly honest, i've done so very little with this other than keeping controlnet actually working and the soft inpainting - effectively, i'm down for whatever as long as it doesn't impede non-credentialed use lol :D no argument about plaintext maybe shouldn't live in localstorage on a basic security standpoint but we're not exactly doing banking here so it's probably pretty ok as long as folks stick to good password hygiene ;)
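
One way to combine the points raised in this thread (optional Basic auth header, a "remember me" choice for persistence, no change for non-credentialed use), as an added example that is not part of the thread or of openOutpaint's code. All function names and the storage key are hypothetical; in a browser the two stores would be `window.sessionStorage` and `window.localStorage`.

```javascript
// Added example: hypothetical helpers, not openOutpaint code.
const KEY = "openoutpaint/basic-auth"; // hypothetical storage key

// RFC 7617: the user-id must not contain ":". Encode as UTF-8 before base64,
// because btoa() alone throws on characters outside Latin-1.
function encodeBasic(username, password) {
  if (username.includes(":")) throw new Error("username must not contain ':'");
  const bytes = new TextEncoder().encode(`${username}:${password}`);
  let bin = "";
  for (const b of bytes) bin += String.fromCharCode(b);
  return "Basic " + btoa(bin);
}

// session: cleared when the tab closes; persistent: survives restarts.
// "Remember me" decides which one holds the plaintext credentials.
function createCredentialStore(session, persistent) {
  const clear = () => {
    session.removeItem(KEY);
    persistent.removeItem(KEY);
  };
  const save = (creds, remember) => {
    clear(); // never leave a stale copy in the other store
    (remember ? persistent : session).setItem(KEY, JSON.stringify(creds));
  };
  const load = () => {
    const raw = session.getItem(KEY) ?? persistent.getItem(KEY);
    return raw ? JSON.parse(raw) : null;
  };
  return { save, load, clear };
}

// Build headers for a request to `url`. Credentials are attached only when
// they exist, the request targets the configured host's origin, and the
// transport is https (or loopback), so they are never sent in cleartext.
function buildHeaders(url, host, creds, base = {}) {
  const headers = { ...base };
  if (!creds) return headers; // non-credentialed use is unchanged
  const target = new URL(url);
  if (target.origin !== new URL(host).origin) return headers;
  const loopback = ["localhost", "127.0.0.1", "[::1]"].includes(target.hostname);
  if (target.protocol !== "https:" && !loopback) {
    throw new Error("refusing to send Basic credentials over plain http");
  }
  headers["Authorization"] = encodeBasic(creds.username, creds.password);
  return headers;
}
```

The result of `buildHeaders` is what gets passed as `headers` to each `fetch` call; calling `clear()` on the store acts as a logout.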