monexec
monexec copied to clipboard
reddec
Feature request: Protect Web UI / REST API
Hi Reddec,
The Web UI & REST API is a very valuable for viewing and managing the supervisor services but it is also very public, if you want to be manage it outside an internal network.
Would it be possible to a parameter to the REST API configuration where you could set acces_token or something like that.
If you access the REST API you have to add the acces_token in the request header, which will then be validated before responding the API response.
The same token could be used to protect the /UIbut there I'm not sure what is possible for GO. Ideally it would request a "password input" to be able to view the web ui.
I'm not familiar with GO otherwise, I would have tried to create a PR. Perhaps if you could point me in the direction in the code, I could try to figure it out?
Hi Thim!
It's a very good feature.
If you will be interested to make it by yourself, I will be very glad to help to navigate you as much as I can.
First: all HTTP-related code is in plugins/adp_http.go. Because there is no need to change supervisor core logic, I don't think that you will need any other files (except main.go for flags)
Second: I may recommend you to think about basic authorization approach instead of access tokens: if it implemented properly we can archeve those benefits in a future:
- pluggable authentication model including, but not limiting to
passwdfiles, kerberos, JWT and so on - browser will generate proper login form automatically
- it's a standart
Of course for the start static username and password will be more than enough
Hi Reddec,
Could you write a small instruction on howto get started with development of the monexec?
Something like?
- go mod vendor: to download all dependencies
- go run main.go : to run the codebase
- go build main.go : to build the binary
Hi Thim!
I tried to make a document for that last night: https://github.com/reddec/monexec/blob/master/CONTRIBUTING.md