
Login for Tdarr, to protect it when exposed to the internet

Open ToasterUwU opened this issue 3 years ago • 6 comments

Is your feature request related to a problem? Please describe.

I use my Tdarr instance in a VM on my server. And I like looking at it, checking the queue and stuff like that from another PC, and also from another network. But since there is no way of locking the web interface behind a password or anything like that, I end up shutting the VM down whenever it's not doing anything, so that no one can change my settings, look at private info or anything like that. And I don't even like it being public an hour or something like that.

Describe the solution you'd like

I would want a login screen, I don't care if it's multiple accounts, or just a password I set in the config, or anything like that. I just wanna make sure that only people who are supposed to see Tdarr and its settings see it.

Describe alternatives you've considered

There are none I could think of.

Additional context

Nothing to add.

ToasterUwU avatar May 31 '22 02:05 ToasterUwU

I advise against running Tdarr publicly in the first place. Instead, run it behind a VPN.

Tdarr has such destructive power with her plugins, since they're just JS and can do whatever they want. A login would help a little bit, but if someone has ill intentions, they'll get past that before you notice anyways. And since plugins have basically direct access to Node, in theory they could download a malicious script that installs a keylogger on your system or even worse.

From a security standpoint, I don't think you'd want Tdarr publicly accessible, even if it has authorization. But I'm not the developer :)

supersnellehenk avatar May 31 '22 09:05 supersnellehenk

> I advise against running Tdarr publicly in the first place. Instead, run it behind a VPN.
>
> Tdarr has such destructive power with her plugins, since they're just JS and can do whatever they want. A login would help a little bit, but if someone has ill intentions, they'll get past that before you notice anyways. And since plugins have basically direct access to Node, in theory they could download a malicious script that installs a keylogger on your system or even worse.
>
> From a security standpoint, I don't think you'd want Tdarr publicly accessible, even if it has authorization. But I'm not the developer :)

I didn't mean the password for entering as an actual security measure, just as a way to keep curious people out. Not a hacker, not a script kiddie, just your average guy from around the corner that noticed that there is a subdomain to a website without password.

ToasterUwU avatar May 31 '22 19:05 ToasterUwU

Stick an oauth proxy/authelia/etc before it, that's probably your best way to secure something like that with minimal effort (assuming you have something like this running for other apps)

michael-robbins avatar Jun 13 '22 12:06 michael-robbins

> Stick an oauth proxy/authelia/etc before it, that's probably your best way to secure something like that with minimal effort (assuming you have something like this running for other apps)

Good idea, I will do that for now. Would be nice anyways to not have to do that.

ToasterUwU avatar Jun 14 '22 02:06 ToasterUwU

Opening it to the internet is still a bad idea. You never know when a random guy decides to wipe your PC. Happened to me recently when I accidentally left a port open. Be careful.

l4kr avatar Jun 23 '22 10:06 l4kr

I used Apache2 as a reverse proxy with basic authentication to make sure no one else gets in now.

Works like a charm.

ToasterUwU avatar Jun 30 '22 19:06 ToasterUwU
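
A sketch of the kind of Apache2 reverse proxy with basic authentication described in the comment above, as an added example that is not ToasterUwU's actual configuration or anything shipped by the Tdarr project. The hostname, the backend address and port, the certificate paths and the password file path are all assumptions.

```apache
# Added example. Assumed values: tdarr.example.com, backend 127.0.0.1:8265,
# certificate paths, and /etc/apache2/tdarr.htpasswd.
# Modules: a2enmod ssl proxy proxy_http proxy_wstunnel rewrite auth_basic authn_file
# Password file (bcrypt): htpasswd -B -c /etc/apache2/tdarr.htpasswd <username>

<VirtualHost *:80>
    ServerName tdarr.example.com
    # Basic auth sends the password base64-encoded, not encrypted,
    # so never serve the login over plain HTTP: redirect to TLS.
    Redirect permanent / https://tdarr.example.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName tdarr.example.com

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/tdarr.example.com.pem
    SSLCertificateKeyFile /etc/ssl/private/tdarr.example.com.key

    # Reverse proxy only; do not act as an open forward proxy.
    ProxyRequests Off
    ProxyPreserveHost On

    # Every path, including API and socket endpoints, requires a valid user.
    <Location "/">
        AuthType Basic
        AuthName "Tdarr"
        AuthBasicProvider file
        AuthUserFile /etc/apache2/tdarr.htpasswd
        Require valid-user
    </Location>

    # Assumption: only needed if the web UI opens WebSocket connections.
    RewriteEngine On
    RewriteCond %{HTTP:Upgrade} =websocket [NC]
    RewriteRule ^/(.*)$ ws://127.0.0.1:8265/$1 [P,L]

    ProxyPass        / http://127.0.0.1:8265/
    ProxyPassReverse / http://127.0.0.1:8265/
</VirtualHost>
```

The proxy only protects the interface if the backend port is not reachable directly, so the application should listen on localhost or be firewalled so that only the proxy host can connect to it.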

Duplicate of https://github.com/HaveAGitGat/Tdarr/issues/297 so will close this and handle there ty

HaveAGitGat avatar Mar 07 '23 17:03 HaveAGitGat

@ToasterUwU added here fyi: https://github.com/HaveAGitGat/Tdarr/issues/297

HaveAGitGat avatar Dec 21 '23 15:12 HaveAGitGat

2.18.01 released with auth: https://github.com/HaveAGitGat/Tdarr/issues/297

HaveAGitGat avatar May 14 '24 07:05 HaveAGitGat