flok
Restrict session creation (single-session mode)
Currently, anyone who has, or has guessed, the server URL can create a session.
Sure, the session is only a text buffer, but - if I am running a server, I don't want it to be known as a free-for-all message exchange site.
Could we have this as an alternative (to be chosen when starting the server):
- when the server is started (from the cmd line), a session is created,
- no session can be created via GUI. (the "home page" does not need to exist.)
The server could then print the session token to stdout; this would make it easier to start the REPL. In fact, in this mode of operation, the server could (optionally) start the REPL.
We can add a --single-session option to flok-web. As you mentioned, this would generate a unique session and only expose the /s/[session_id] route for that session only.
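A sketch of the single-session gate discussed in this thread, as an added example and not flok's own code: one session id is generated when the server starts, and every path other than /s/[session_id] for that id gets a 404, so there is no home page and no creation endpoint. The function names, the 128-bit hex id and the plain-text responses are assumptions made for illustration.

```javascript
// Added example: single-session route gate. All names here are hypothetical.
const crypto = require("node:crypto");
const http = require("node:http");

// One unguessable id, generated once at server start (128 bits, hex-encoded).
function newSessionId() {
  return crypto.randomBytes(16).toString("hex");
}

// Compare ids in constant time; hashing first gives equal-length buffers,
// which timingSafeEqual requires.
function sameId(a, b) {
  const ha = crypto.createHash("sha256").update(a).digest();
  const hb = crypto.createHash("sha256").update(b).digest();
  return crypto.timingSafeEqual(ha, hb);
}

// Return the HTTP status for a request in single-session mode.
// Only GET /s/<the one id> is served; everything else looks nonexistent.
function route(sessionId, method, rawUrl) {
  const pathname = rawUrl.split("?", 1)[0];      // ignore the query string
  const m = /^\/s\/([^/]+)\/?$/.exec(pathname);
  if (!m || method !== "GET") return 404;        // no home page, no create route
  return sameId(m[1], sessionId) ? 200 : 404;    // unknown ids are not distinguished
}

// Build the server; the caller decides when to listen and where to show the id.
function createSingleSessionServer() {
  const sessionId = newSessionId();
  const server = http.createServer((req, res) => {
    const status = route(sessionId, req.method, req.url);
    res.writeHead(status, { "Content-Type": "text/plain" });
    res.end(status === 200 ? "session\n" : "not found\n");
  });
  return { server, sessionId };
}

// Usage (not run here):
//   const { server, sessionId } = createSingleSessionServer();
//   server.listen(3000, "127.0.0.1", () => console.log(`/s/${sessionId}`));
// The id printed to stdout is the only credential, so treat captured
// stdout (logs, CI output) as sensitive.
```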