Skip to content

[pull] master from allinurl:master#83

Merged
pull[bot] merged 1 commit intodandycheung:masterfrom
allinurl:master
Mar 28, 2025
Merged

[pull] master from allinurl:master#83
pull[bot] merged 1 commit intodandycheung:masterfrom
allinurl:master

Conversation

@pull
Copy link
Copy Markdown

@pull pull bot commented Mar 28, 2025
edited
Loading

See Commits and Changes for more details.

Created by pull[bot] (v2.0.0-alpha.1)

Can you help keep this open source service alive? 💖 Please sponsor : )

@allinurl
Added WebSocket authentication options --ws-auth and --ws-auth-expire.
95ca855 
This commit introduces two new command-line options to enhance WebSocket
security in GoAccess:

--ws-auth=<jwt[:secret]>: Enables JWT-based authentication for WebSocket
  connections. Supports an optional secret (as a string or file path) for token
  verification. Without a secret, it falls back to the GOACCESS_WSAUTH_SECRET
  environment variable or generates an HS256-compatible secret. When enabled, the
  HTML report delays bootstrapping initial data until authentication succeeds.

--ws-auth-expire=<secs>: Sets the JWT expiration time, defaulting to 3600
  seconds (1 hour). Supports flexible formats like "24h", "10m", or "10d" for
  user convenience.

These options strengthen real-time HTML output security by ensuring only
authenticated clients access the WebSocket feed.

Closes #2794, #1133, #2411
@pull pull bot added the ⤵️ pull label Mar 28, 2025
@pull pull bot merged commit 95ca855 into dandycheung:master Mar 28, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

⤵️ pull

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@allinurl