Codeberg/pages-server
Add Basic HTTP Auth Config #166

Open
jimafisk wants to merge 4 commits from jimafisk/pages-server:issue-163 into main
First-time contributor

This PR adds basic HTTP auth per project: https://codeberg.org/Codeberg/pages-server/issues/163

You enable this by optionally adding a `.auth` file to the branch/repo for your website. The format for the contents of this file is simply `username, password` on a single line.

You can add multiple user/password combinations if you'd like:

```
user1, mypass
user2, anotherpass
```
Basic HTTP Auth ( #163 ).
Some checks failed
ci/woodpecker/pr/woodpecker Pipeline failed
faeb8ae499
Contributor

Hi, I don't understand how you can protect the password from being read?
Author
First-time contributor

@fsologureng - can't you serve public websites from a private repo if you're using `GITEA_API_TOKEN`? Or are you worried about the password being exposed in transit?
Contributor

> @fsologureng - can't you serve public websites from a private repo if you're using `GITEA_API_TOKEN`? Or are you worried about the password being exposed in transit?

Ok, so this is a feature just for private repos. Now it is clarified, thank you.
Author
First-time contributor

> so this is a feature just for private repos

Yes sorry that wasn't clear. You could use it in a public repo but you'd be relying on security through obscurity. For anything too sensitive (long-term private data), I honestly would implement a more robust auth solution in your app (use https://pocketbase.io/ or something similar). For my use-case, I just wanted to be able to hide websites that I'm working on before they're launched, but have the ability to share them with clients so they can see progress.
Contributor

well for the feature itself, I won't block it ...

... how caching is done, that's what I dislike (also as it's done in the current codebase)

If you allow me to "edit the pullrequest" I'm going to push some changes next week to it.

Thanks for upstreaming :)
Owner

I think this is outside the scope for Codeberg to maintain. Rather leave the patch around for people to cherry-pick.
Author
First-time contributor

> ... how caching is done, that's what I dislike (also as it's done in the current codebase)

I wasn't sure about this either, I was trying my best to copy the model from custom domains. Not sure if it makes sense to cache this at all, just didn't want to put extra load if it was going to be a performance issue constantly reading `.auth` files.

> If you allow me to "edit the pullrequest" I'm going to push some changes next week to it.

I'm totally fine with you making changes as you see fit. If there is something I need to do to allow this, just let me know.

> I think this is outside the scope for Codeberg to maintain. Rather leave the patch around for people to cherry-pick.

That's ok if you don't want to pull this in, I know we discussed previously. I needed it for my project and I figured other folks might need it for theirs so I wanted to share it.

**Note:** currently it will log `ERR could not read .auth of owner/repo error="not found"` so if we decide to pull this in, we should clean that up since lots of repos intentionally won't have `.auth` files. Thanks!
Owner

Yeah thanks for providing the patch, it's surely interesting for others. If there is some more demand from others (even if not Codeberg but other instances), this would be fine, but in general I think it's really not a best fit for the concept of this project, but happy you were able to adapt it to your needs.
Author
First-time contributor

No problem! That makes sense, as I mentioned on [another PR](https://codeberg.org/Codeberg/pages-server/pulls/168#issuecomment-789512) I think my use case is rather specific, so rather than extending this project to handle every possible scenario, it probably makes sense for me to fork the base system for my specific needs. Thanks, I'll close this out!
jimafisk closed this pull request 2023-02-02 20:47:10 +01:00
Member

Consider leaving it open so other people can easily find it to cherry-pick if they want to try.
Author
First-time contributor

Oops sorry. Re-opened!
jimafisk reopened this pull request 2023-02-02 20:53:28 +01:00
Contributor

@jimafisk Maybe a PR against the README of this repo pointing to your little fork would make sense to simplify access to people who want to replicate your use case (or part of).
Author
First-time contributor

@fsologureng I'd be happy to do that if the maintainers don't think it's taking away this project.
Contributor

> @fsologureng I'd be happy to do that if the maintainers don't think it's taking away this project.

I really don't believe so. But I am not the last word ;)
6543 added this to the v5.0 milestone 2023-02-09 22:06:24 +01:00
6543 changed title from ~~Basic HTTP Auth (#163).~~ to Add Basic HTTP Auth Config 2023-02-10 02:54:13 +01:00
Contributor

we need some integration test and a test repo ... e.g.: https://codeberg.org/Codeberg/pages-server/pulls/159/files#diff-bb7421cb6838f804b1a3ed4529887f274c0ee43f
Contributor

@jimafisk please merge main into the feature branch :)
Author
First-time contributor

@6543 I force pushed, sorry if that wasn't the thing to do. Just let me know if I need to clean this up a bit. Thanks!
Contributor

well if rebasing things works for you it's fine ...
@ -0,0 +23,4 @@
}else{
body,err:=giteaClient.GiteaRawContent(o.TargetOwner,o.TargetRepo,o.TargetBranch,authConfig)
iferr==nil{
for_,authLine:=rangestrings.Split(string(body),"\n"){
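Review bot: the `if err == nil` check after the `GiteaRawContent` call treats every failure the same way, so a repo with no `.auth` file and a failed fetch of an existing one both skip this loop and yield no credentials from it. Check for the not-found case explicitly and handle other errors separately, so that a transient error cannot leave a protected site without its credential list. The `strings.Split(string(body), "\n")` loop also produces an empty last element for a file that ends in a newline and keeps `\r` on CRLF files; trim each line and skip empty ones before parsing.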
Contributor

move this in an unexported helper function `parseAuth([]byte) []string` and handling `# comments` might also be a good idea ...
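The `.auth` format from the PR description and the `parseAuth` helper suggested in the review comment above, as an added Go example (not code from this PR or from pages-server). The `credential` type, the `match` function and the `rejected` count are assumptions made for illustration; the reviewer's proposed signature returned `[]string`.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"strings"
)

// credential is one "username, password" entry from a .auth file.
type credential struct{ user, pass string }

// parseAuth reads one "username, password" pair per line. Blank lines and
// "#" comment lines are skipped; lines with no comma or an empty field are
// counted in rejected so the caller can log them instead of guessing.
func parseAuth(body []byte) (creds []credential, rejected int) {
	for _, raw := range strings.Split(string(body), "\n") {
		line := strings.TrimSpace(raw) // also drops "\r" from CRLF files
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		user, pass, ok := strings.Cut(line, ",")
		user, pass = strings.TrimSpace(user), strings.TrimSpace(pass)
		if !ok || user == "" || pass == "" {
			rejected++
			continue
		}
		creds = append(creds, credential{user, pass})
	}
	return creds, rejected
}

// match checks every entry without stopping early; hashing first gives the
// constant-time compare equal-length inputs.
func match(creds []credential, user, pass string) bool {
	gu, gp := sha256.Sum256([]byte(user)), sha256.Sum256([]byte(pass))
	found := 0
	for _, c := range creds {
		wu, wp := sha256.Sum256([]byte(c.user)), sha256.Sum256([]byte(c.pass))
		found |= subtle.ConstantTimeCompare(gu[:], wu[:]) & subtle.ConstantTimeCompare(gp[:], wp[:])
	}
	return found == 1
}

func main() {
	// Constructed sample file, not taken from the PR.
	sample := "# staging\r\nuser1, mypass\r\n\r\nuser2, anotherpass\nbroken-line\n"
	creds, rejected := parseAuth([]byte(sample))
	fmt.Println(len(creds), rejected, match(creds, "user2", "anotherpass"))
}
```

Because the split is on the first comma only, a password may contain commas but a username may not.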
@ -114,0 +127,4 @@
}
}
funcenforceBasicHTTPAuth(credentials[]string,whttp.ResponseWriter,req*http.Request)bool{
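Review bot: the `bool` returned by `enforceBasicHTTPAuth` has no doc comment in this hunk, and the name does not say whether `true` means the request may proceed or that a response was already written to `w`. Add a comment stating the contract. Taking `credentials []string` also means the raw `.auth` lines have to be split again on every request; passing parsed user/password pairs would keep parsing in one place, and the comparison inside should use `subtle.ConstantTimeCompare` rather than `==`.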
Contributor

move to handler_auth.go ?
@ -33,1 +33,4 @@
trimmedHost:=ctx.TrimHostPort()
credentials:=handleAuth(log,ctx,giteaClient,
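Review bot: `handleAuth` on the added line returns `credentials` rather than handling the request, so the name is misleading; something like `loadCredentials` would say what comes back. The call sits directly after `ctx.TrimHostPort()`, so it should be skipped entirely when the feature is not enabled.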
Contributor
can we make this feature opt-in? https://codeberg.org/Codeberg/pages-server/src/branch/main/cmd/flags.go#L83-L85
6543 modified the milestone from v5.0 to v6.0 2023-11-15 02:52:31 +01:00
crapStone removed this from the v6.0 milestone 2024-05-27 23:59:20 +02:00
First-time contributor

Any news on this feature? I also have a use case for having finer access control.
Probably something that mirrors Gitea's read rights on a repo.
This pull request has changes conflicting with the target branch.
  • cmd/main.go
  • server/handler/handler.go