Voyz
pause gw through a remote command, e.g. REST call
Motivation We know about the authentication issues that can arise (https://github.com/Voyz/ibeam/wiki/Troubleshooting#authentication-loop) Also a local (re)start of iBeam can require a new authentication process. I feel very uncomfortable to confirm an 2FA authentication request on my cell phone while not at home, as I don’t know if this is an IB issue, a restart or a potential unwanted access request. Even more concerning as in the authentication app I do not see for which accout nor for what client (or IP) this request is coming, I would need to blindly confirm. Another use case is to use my credentials for an interactive session. iBeam intercepts my interactive session by trying to connect. I know the solution with a 2nd use account and also use it. But there are situations when I still need to use the credentials configured in iBeam. Workaround: I could of course stop/start iBeam itself, but it would be more convenient to make that control from outside.
Describe the feature Build a functionality into iBeam to remotely pause and un-pause any attempt to login/authenticate. Could we use the existing REST API to submit such command?
Expected interaction Request to iBeam: /ibeam/gw-stop Request to iBeam: /ibeam/gw-start I don’t have much expertise in this field, but I assume iBeam can intercept the incoming requests and process some itself while the IB requests are forwarded to IB.
conf.yaml should get an option to start iBeam in pause/stop mode.
Possible implications I don't see any. Not using those calls would not break the existing functionality.
Additional context use those calls in iBind to have tight control of when the gw should be active or inactive.
Let me know your thoughts…
Sure 👍 Thanks for the suggestion! I've published voyz/ibeam:0.5.4-rc2, let me know if that works for you.
I'm not sure how this will impact the security of the system, but I've put together a version that carries out such functionality.
I piggy backed it on the health server we're currently already using. Ideally this would eventually be turned into an AdministrationServer or something along these lines.
There are two endpoints:
http://localhost:5001/activate
http://localhost:5001/deactivate
Calling these will result in calling these functions:
def on_activate(self) -> bool:
if self._active:
return True
_LOGGER.info('Activating')
self._active = True
return True
def on_deactivate(self) -> bool:
if not self._active:
return True
_LOGGER.info('Deactivating')
self._active = False
self.http_handler.logout()
self.process_handler.kill_gateway()
return True
Additionally, you can set the IBEAM_START_ACTIVE=False env var in order to start in a deactivated state. Just one note regarding that:
conf.yaml should get an option to start iBeam in pause/stop mode.
IBeam doesn't currently have access to the conf.yaml contents, and ideally we don't want it to. Hence this is implemented as an env var instead.
Let me know how it goes 👍
Great work, @Voyz ! Both activate/deactive calls work. Env var works, this is perfectly fine, no need for the conf.yaml.
on the security question: somebody who can communicate to the iBeam server can easily read all my account data, even submit orders. (de)activating the gw is a way lower concern for me. But: I may miss a real concern.
In any case, the rc2 perfectly meets my needs. I would be happy to see this merged into main, but it is of course your call.
Great 👏 I'll let you know when it gets fully released. Thanks for adding your comment on the security concern. I'll leave this open for some time to let others contribute should this be a bad idea. Once again, thanks for the suggestion!
I'm going to close this Issue as it is now released in voyz/ibeam:0.5.4. Let me know if you'd like to reopen it and continue the discussion. Thanks for contributing 👍