Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: disable auth #92

Closed
Cheezzhead opened this issue Nov 7, 2024 · 11 comments · Fixed by #101
Closed

feat: disable auth #92

Cheezzhead opened this issue Nov 7, 2024 · 11 comments · Fixed by #101

Comments

@Cheezzhead
Copy link

Cheezzhead commented Nov 7, 2024
edited
Loading

Description

First of all, thanks for this great app! I was initially planning on staying with Autoscan (at least until it wouldn't work anymore), but after testing out this project, it's the elegant UI that instantly convinced me to stay with this.

The only question I have is whether it's possible to disable authentication, for these reasons:

  • Many users have their own authentication solution, such as Authelia, Authentik, Keycloak, etc. As these solutions are dedicated to authorization they will de facto be better than any login process provided by other apps (whose primary function is not auth).
  • Storing a password on disk (in this case, either as an environment variable in a docker compose.yml file, or as an option in the config.yaml file) is generally considered unsafe. As this app doesn't currently have any built-in way to securely store and retrieve variables, one should consider any password set for this app to be insecure; meaning that another authorization service would have to be put in front of the web UI anyway. So practically speaking the ui needs 2 password to access in order for it to be secure.
  • Even without a UI to worry about, common use-cases have sonarr, radarr etc. running on the same host as Autopulse and talking to each other internally; securing these endpoints internally is nice but ultimately unnecessary.

I'm willing to help out if necessary, just let me know!

Additional Information

No response
@dan-online
Copy link
Owner

Heya @Cheezzhead, that's no problem at all. I'm glad you like the app/UI! I'll open a quick pull request to add an "enabled" property to Auth, defaulted to true, so that you can disable it if need be.

@dan-online dan-online mentioned this issue Nov 7, 2024
Merged
4 tasks
@dan-online
Copy link
Owner

I think a separate PR too would be to add some env to ui with perhaps:

DEFAULT_SERVER_URL=<blah>
FORCE_SERVER_URL=false/true
DEFAULT_AUTH=user:pass
FORCE_AUTH=false/true

so for no auth:

FORCE_SERVER_URL=true
FORCE_AUTH=true

@Cheezzhead
Copy link
Author

Cheezzhead commented Nov 8, 2024
edited
Loading

Looks awesome!

How would the DEFAULT_AUTH variable differ from the AUTOPULSE__AUTH__USERNAME and AUTOPULSE__AUTH__PASSWORD? Or would it just be a shorthand?

Edit: Tested it out with enabled: false, works like a charm. Thanks!

@dan-online
Copy link
Owner

Heya @Cheezzhead the extra envs would be for the UI, so that if you have a disabled auth, you wouldn't need to see the login page

@vember31
Copy link

vember31 commented Nov 9, 2024
edited
Loading

Heya @Cheezzhead the extra envs would be for the UI, so that if you have a disabled auth, you wouldn't need to see the login page

I think this would be fantastic! I love the idea of being able to set an env variable to disable auth on the UI, as well as set an env variable for the default server as well. I'm just using Autopulse locally with no traffic going outside of my LAN so not too worried about auth. Plus will only be using one server instance of Autopulse so being able to set a default server for the UI makes a lot of sense.

Thank you for all the work on this @dan-online 😊

@dan-online dan-online mentioned this issue Nov 10, 2024
Merged
4 tasks
@dan-online
Copy link
Owner

Hey @vember31 feel free to try out danonline/autopulse:ui-pr-101 with the env as specified in #101!

@dan-online
Copy link
Owner

All done @vember31 / @Cheezzhead. Let me know if you have any issues :)

@vember31
Copy link

Thanks @dan-online !

I didn't get a chance to try it until just a moment ago (when it was merged into the main branch) but I might be doing it wrong? the UI kept giving me errors that it didn't seem to like the URL I provided & wouldn't start.

Is this the proper way to get it setup?

  • Config file has auth.enabled: false
  • UI should have these env vars set:
FORCE_DEFAULT_SERVER_URL=true
DEFAULT_SERVER_URL=[URL of the autopulse app]:2875
FORCE_AUTH=true

Is that what you'd expect for a no-auth setup?

I've since gone back to using auth & it works fine but I can reproduce the issue again if needed to help with any debugging :)

@dan-online
Copy link
Owner

dan-online commented Nov 12, 2024
edited
Loading

Hey @vember31 just fixed the doc in 2def886, essentially you just need:

FORCE_AUTH=true
FORCE_SERVER_URL=https://localhost:2875

# Optional
FORCE_USERNAME=admin
FORCE_PASSWORD=password

@Cheezzhead
Copy link
Author

Cheezzhead commented Nov 12, 2024
edited
Loading

Works for me!

  autopulse-ui:
    image: danonline/autopulse:ui
    container_name: autopulse-ui
    # ...
    environment:
      ORIGIN: https://pulse.${DOMAIN}
      FORCE_SERVER_URL: http://autopulse:2875
      FORCE_AUTH: true

I first set the variables on the backend container instead of the ui because I hadn't had my coffee yet, just mentioning it in case anybody else makes the same mistake haha

@vember31
Copy link

Thank you both! With these two env vars set + doing config with auth.enabled: false

FORCE_AUTH=true
FORCE_SERVER_URL=https://localhost:2875

I was able to get it working as expected :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(ui): environment variables dan-online/autopulse
3 participants
@Cheezzhead @vember31 @dan-online