IntegratedREST icon indicating copy to clipboard operation
IntegratedREST copied to clipboard

Published 20 hours ago verified publisher icon CyclopsMC

Token/password protected http proxy

Open thetakodev opened this issue 7 years ago • 5 comments

Issue type:

  • :heavy_plus_sign: Feature request

Short description:

Please add an option to protect with password, token or whatever, so you can send requests with a second parameter for this basic auth(still better than nothing), so other people cant break you systems, by sending random http requests.

(I just want to make a reactor controller app for android, would be so much satisfaction to do, pls add)

thetakodev avatar Jul 13 '18 13:07 thetakodev

This would definitely be interesting to have.

I have a huge list of feature request before this though, so don't expect this anytime soon. PRs are welcome though.

rubensworks avatar Jul 14 '18 05:07 rubensworks

I've started some work on this. Do y'all have any feelings on how it is implemented? Off the top of my head I'm thinking....

  • New string config param apiToken. Defaults to blank which preserves existing behavior.
  • Somewhere around here check to see if the apiToken is not blank. If it's not then check for the X-IntegratedRest-Token header and compare. Proceed as normal if it matches, throw a 403 if it does not.

otakup0pe avatar Jul 29 '20 02:07 otakup0pe

I had in mind to use HTTP's basic authentication protocol: https://en.wikipedia.org/wiki/Basic_access_authentication Should be supported already by most HTTP server-side and client-side libraries.

rubensworks avatar Jul 29 '20 09:07 rubensworks

Aite I'll go with basic auth. Do we want to support multiple users / .htpasswd style or just a single user/pass in the config?

otakup0pe avatar Jul 29 '20 18:07 otakup0pe

I would suggest multiple users directly in the config. Should be easy to implement as a map or list.

rubensworks avatar Jul 30 '20 06:07 rubensworks