Feature Request: Add Basic Authentication to Web Interface

[TestingBytes]

As per https://github.com/ytti/oxidized/issues/285, it would be nice to see some basic authentication added to the web interface to avoid exposing switch configs.

[xdfil]

or at least a logout button for those who are using apache proxy with mod_auth_form that we can point to a logout URL

[devicenull]

Putting nginx or another web server in front definitely seems to make more sense then adding arbitrary auth to oxidized. You'd end up re-implementing a bunch of web server stuff. For example, if you want logins, you presumably also want TLS. So now oxidized needs to know how to set up TLS?

[ytti]

ACK. I mean we are using web server, it's not custom code, and there is middleware, so changing the web server is easy. However, I'm in same boat as you are. I initially only even thought about the web as an API, not as something that people use their GUI browser against.

But other people see differently, and as long as it's not harmful, I happily accept pull-request for making the Web UX more complete. I won't work on it myself.

[seekerOK]

I just add a logout button, a dirty workaround but is working for me in Chrome and using nginx basic auth.

 %button.ColVis_Button{type: 'button', onClick:'window.location.href="http://logout:logout@hostname/ip"'}
 %span.glyphicon.glyphicon-log-out Logout

added in nodes.haml just next to the reload and refresh button.