Feature request: Protect Web UI / REST API #14

Open
thim81 opened this issue Jun 13, 2019 · 4 comments

@thim81
Contributor

thim81 commented Jun 13, 2019

Hi Reddec,

The Web UI & REST API is very valuable for viewing and managing the supervisor services, but it is also very public if you want to manage it outside an internal network.

Would it be possible to add a parameter to the REST API configuration where you could set access_token or something like that?

If you access the REST API you have to add the access_token in the request header, which will then be validated before returning the API response.

The same token could be used to protect the /UI but there I'm not sure what is possible for Go. Ideally it would request a "password input" to be able to view the web UI.

@thim81
Contributor Author

thim81 commented Jun 13, 2019

I'm not familiar with Go; otherwise, I would have tried to create a PR.
Perhaps if you could point me in the direction in the code, I could try to figure it out?

@reddec
Owner

reddec commented Jun 13, 2019

Hi Thim!

It's a very good feature.

If you are interested in making it yourself, I will be very glad to help guide you as much as I can.

First: all HTTP-related code is in plugins/adp_http.go. Because there is no need to change supervisor core logic, I don't think that you will need any other files (except main.go for flags)

Second: I would recommend thinking about a basic authorization approach instead of access tokens: if it is implemented properly, we can achieve these benefits in the future:

  • pluggable authentication model including, but not limited to, passwd files, Kerberos, JWT and so on
  • browser will generate proper login form automatically
  • it's a standard

Of course, for a start, a static username and password will be more than enough.
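
A sketch of the static username/password basic authorization discussed above, written as `net/http` middleware. This is an added example, not part of the original thread and not monexec's code. The names `basicAuth` and `probe`, the credentials, the `/example-api` path and the response body are hypothetical or constructed. It compares credentials in constant time and rejects every request when no credentials are configured.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// basicAuth (hypothetical helper, not monexec code) guards next with one static credential pair.
func basicAuth(user, pass, realm string, next http.Handler) http.Handler {
	// Hash both sides so ConstantTimeCompare always sees equal-length inputs.
	wantUser, wantPass := sha256.Sum256([]byte(user)), sha256.Sum256([]byte(pass))
	configured := user != "" && pass != "" // fail closed on an empty configuration
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		u, p, ok := r.BasicAuth()
		gotUser, gotPass := sha256.Sum256([]byte(u)), sha256.Sum256([]byte(p))
		match := subtle.ConstantTimeCompare(gotUser[:], wantUser[:]) &
			subtle.ConstantTimeCompare(gotPass[:], wantPass[:])
		if !configured || !ok || match != 1 {
			// The challenge header is what makes a browser show its login prompt.
			w.Header().Set("WWW-Authenticate", fmt.Sprintf("Basic realm=%q", realm))
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// probe sends one request through a protected stub API (constructed path and body).
func probe(cfgUser, cfgPass, user, pass string, sendAuth bool) (int, string) {
	api := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintln(w, `{"services":[]}`)
	})
	req := httptest.NewRequest(http.MethodGet, "/example-api", nil)
	if sendAuth {
		req.SetBasicAuth(user, pass)
	}
	rec := httptest.NewRecorder()
	basicAuth(cfgUser, cfgPass, "monexec", api).ServeHTTP(rec, req)
	return rec.Code, rec.Header().Get("WWW-Authenticate")
}

func main() {
	fmt.Println(probe("admin", "sample-pass", "", "", false))
	fmt.Println(probe("admin", "sample-pass", "admin", "wrong", true))
	fmt.Println(probe("admin", "sample-pass", "admin", "sample-pass", true))
}
```

Basic authorization sends the password with every request in reversible base64, so it only protects an API exposed outside an internal network when the listener is served over TLS.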

@thim81
Contributor Author

thim81 commented Jun 13, 2019

Hi Reddec,

Could you write a small instruction on how to get started with development of monexec?

Something like?

  1. go mod vendor: to download all dependencies
  2. go run main.go: to run the codebase
  3. go build main.go: to build the binary

@reddec
Owner

reddec commented Jun 14, 2019

Hi Thim!

I tried to make a document for that last night: https://github.com/reddec/monexec/blob/master/CONTRIBUTING.md
