Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Basic Auth only on protected routes #211

Open
wants to merge 7 commits into
base: master
Choose a base branch
from

Conversation

adamgall
Copy link

@adamgall adamgall commented May 13, 2020

Closes #210

  • Remove "basic auth" middleware from the root app, which is enabled if user has BTCEXP_BASIC_AUTH_PASSWORD set
  • Beef up the app/auth.js middleware implementation to consolidate demo and you need to set a password to access this route behavior
  • Use the auth middleware directly on the protected routes

@adamgall adamgall changed the title Feature/selective auth Basic Auth only on protected routes May 13, 2020
@Kixunil
Copy link
Contributor

Kixunil commented Oct 12, 2020

Would it be possible to add SSO the same way Thunderhub and RTL do it? They allo authentication by adding a suffix (e.g. token=...) to the URL. (I don't care what the suffix looks like, even #... is fine)

# Conflicts:
#	routes/baseRouter.js
@shesek
Copy link
Contributor

shesek commented Dec 4, 2020

I would like to have authentication for the entire btc-rpc-explorer instance, is this still possible with this PR?

@Kixunil
Copy link
Contributor

Kixunil commented Dec 4, 2020

@shesek that's already possible and I actually use it in my repository. It's basic HTTP auth which sucks if you want SSO, but better than nothing I suppose.

@shesek
Copy link
Contributor

shesek commented Dec 4, 2020

@Kixunil Yes, I know, I use this too (I was actually the one that sent the PR for this). Was just wondering if this PR removed that option or not.

@Kixunil
Copy link
Contributor

Kixunil commented Dec 5, 2020

Based on this comment I think it was kept.

@shesek
Copy link
Contributor

shesek commented Dec 16, 2020

Looking at the code, it seems like it was not.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Only require RPC password when actually viewing RPC routes
5 participants