Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Navigation

    Cloudron Forum

    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    proxyAuth addon

    App Packaging & Development
    13
    41
    443
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • jimcavoli
      jimcavoli App Dev last edited by

      Agree on the default behavior - I imagine it's unlikely that anything more specific than path-level exceptions are unlikely. Perhaps as an extension to the solution that @mehdi suggests, we could extend the existing format of:

      {
        "proxyAuth": {
          "path": "/admin" 
        }
      }
      

      To take exceptions:

      {
        "proxyAuth": {
          "path": "/admin" ,
          "exclude": [
            "/webhook",
            "/
          ]
        }
      }
      

      Or with probably over-the-top features, make everything a map of path and exception(s):

      {
        "proxyAuth": {
          "paths": {
            "/" : [
              "/webhook",
              "/public"
            ],
            "/admin": []
          }
        }
      }
      

      Honestly, I appreciate the minimal-first approach, and I think the middle option of adding a (understood to be auto-wildcarded) array of exclusions is the easier next step. I can't imagine anything that would need the super-complex variant would be something that would or should rely on such a mechanism to secure it.

      girish 1 Reply Last reply Reply Quote 0
      • N
        nj @girish last edited by

        @girish I don't see the 2FA code prompt on the login page of Simple Torrent. Am I missing something?

        Some benefits of having this on the platform side (as opposed in the app are):

        • 2FA login
        mehdi 1 Reply Last reply Reply Quote 0
        • mehdi
          mehdi App Dev @nj last edited by

          @nj I don't think this is implemented either:

          • Session management in the user's profile page. i.e can logout from apps etc

          I think @girish just meant that it would be possible to implement this in the future, not that it would be in the first version of proxyAuth.

          1 Reply Last reply Reply Quote 0
          • girish
            girish Staff last edited by

            @nj I have logged it here - https://git.cloudron.io/cloudron/box/-/issues/748 . As @mehdi said, it wasn't implemented as part of the first iteration of proxyAuth.

            1 Reply Last reply Reply Quote 0
            • girish
              girish Staff @jimcavoli last edited by

              @jimcavoli Shall I go with path: "!/webhooks" for now? Will this be enough for n8n ?

              jimcavoli 1 Reply Last reply Reply Quote 0
              • jimcavoli
                jimcavoli App Dev @girish last edited by

                @girish Yeah, that would be enough for n8n I think, though if we're going to go that route, I think making paths an array of either path(s) and/or ! paths makes the most sense in general (at least somehow providing for the option of multiple excluded paths)

                girish 1 Reply Last reply Reply Quote 0
                • girish
                  girish Staff @jimcavoli last edited by

                  @jimcavoli won't having it plural cause some confusing semantics if you mix ! and no ! paths ? Let me think 🤔

                  mehdi 1 Reply Last reply Reply Quote 0
                  • mehdi
                    mehdi App Dev @girish last edited by

                    @girish It works for .gitignore files 🤷

                    girish 1 Reply Last reply Reply Quote 1
                    • girish
                      girish Staff @mehdi last edited by

                      @mehdi great point. I can copy what they do.

                      M 1 Reply Last reply Reply Quote 1
                      • M
                        murgero App Dev @girish last edited by murgero

                        @girish Currently I have an app that this does not work on - is there something special I need to do in the app beyond adding the addon to the addon list?

                        Edit: I am blind I swear - just formatted the JSON incorrectly for the manifest.

                        1 Reply Last reply Reply Quote 1
                        • First post
                          Last post