Comments (24)
I found this issue on IssueHunt. Can I try to implement this?
from photoprism.
Using a middleware is a good start. We can also chat if you like: @lastzero on Telegram or join #photoprism in the gophers Slack (see Wiki).
from photoprism.
To document what I've just written in the chat:
Not sure if basic auth works because of our API as we are using JS to access it... must be tested. Maybe it's better to work with a token that can be stored in `localStorage`. I've implemented something like that already (you can reuse the JS code, backend is written in PHP):
- https://github.com/symlex/symlex/blob/master/frontend/src/common/session.js
- https://github.com/symlex/symlex/blob/master/src/Service/Session.php
You'd have to implement a session endpoint like `/api/v1/session` for login and logout in Go that works in a similar way, see https://github.com/photoprism/photoprism/tree/develop/internal/api
Maybe https://github.com/gin-contrib/sessions is helpful for that (never used it before).
Ideally we find a mechanism that also works for other clients like smartphone apps that use our API in the future. Our Config must be extended with a password field:
- https://github.com/photoprism/photoprism/blob/develop/internal/context/config.go
- https://github.com/photoprism/photoprism/blob/develop/internal/commands/flags.go
- https://github.com/photoprism/photoprism/blob/develop/internal/photoprism/config.go
We should use `http-password` (for the flag) / `HttpPassword()` (for the function) as we're also running a SQL server that can use a different password (that password would be `sql-password` then).
from photoprism.
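A minimal sketch of the token-based session endpoint described in the comment above, added here as an example; it is not PhotoPrism's or Symlex's code. It uses Go's standard `net/http` instead of gin, and the `X-Session-Token` header, the `password` form field, the in-memory token store and the sample password are assumptions.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/hex"
	"net/http"
	"sync"
)

var tokens sync.Map // issued session tokens, kept in memory only

// Session serves /api/v1/session: POST logs in, DELETE logs out.
func Session(password string) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		switch {
		case r.Method == http.MethodDelete:
			tokens.Delete(r.Header.Get("X-Session-Token"))
		case r.Method != http.MethodPost:
			http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
		// PostFormValue reads the body only, so a password in the URL query is ignored.
		case subtle.ConstantTimeCompare([]byte(r.PostFormValue("password")), []byte(password)) != 1:
			http.Error(w, "invalid credentials", http.StatusUnauthorized)
		default:
			buf := make([]byte, 32) // 256-bit token from the OS CSPRNG
			if _, err := rand.Read(buf); err != nil {
				panic(err) // no secure randomness: refuse to issue a token
			}
			token := hex.EncodeToString(buf)
			tokens.Store(token, true)
			w.Write([]byte(`{"token":"` + token + `"}`))
		}
	}
}

// Require rejects API requests without a valid X-Session-Token header.
func Require(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if _, ok := tokens.Load(r.Header.Get("X-Session-Token")); !ok {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	http.Handle("/api/v1/session", Session("change-me")) // constructed sample password
	http.Handle("/api/v1/", Require(http.NotFoundHandler()))
	http.ListenAndServe("127.0.0.1:2342", nil)
}
```

A browser client would keep the returned token in `localStorage` and send it in the header on every API call; tokens here never expire and are lost on restart.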
We'll add a new issue... But need to implement this first.
from photoprism.
Wondering if it would be a good idea to use OpenId here, so anyone who is hosting themselves can use their preferred or their existing OpenId Connect Server.
So instead of doing password authentication, maybe we should just add support for OpenId Connect Client, and then using configuration, you can set which OpenId server you will use.
from photoprism.
How shall I explain that to Laura? She knows a little bit Open Office, uses Facebook and has a dog.
from photoprism.
Tell her not to worry much and to do the best she can. I believe someone from the community would create a PR if they needed this feature. Basically I was thinking along the same lines and thought it would be a good idea to share here.
from photoprism.
Ideally I would make it multi-user. In my use-case there are family photos and the family members have their personal photos that are not super secret but just need to be separated from the family photos. So I recommend more brainstorming about auth before even implementing a proof of concept. Any auth is not necessary for an alpha release I think but it needs to be a solid solution whenever it's approaching a beta level.
from photoprism.
When users see a multi-user login, they will think it's super secure. Either a good solution or no solution. In the worst case you run multiple instances and share. You would also need to configure multiple paths etc... every time you import e.g. from a SD card, you need to decide into which collection... makes the whole thing much more complex and complicated.
from photoprism.
I like this idea to authenticate users. Maybe this library will solve the problem: https://github.com/markbates/goth
from photoprism.
@0x46616c6b Already on my list! Nice user image ;)
A gin middleware like https://github.com/pjebs/restgate might be a better option for the use case (didn't look at it in detail yet). I don't really want to sign in with Facebook or Amazon at home, on my private photo collection. But the `goth` package is great otherwise.
from photoprism.
@issuehuntfest has funded $20.00 to this issue. See it on IssueHunt
from photoprism.
If we use HTTP basic auth with gin, I think the following code is a good example.
https://github.com/gin-gonic/gin#using-basicauth-middleware
from photoprism.
Thank you for your reply! I'll join the Slack workspace 🆗
from photoprism.
Just came across this project.
I see we're primarily leveraging docker/docker-compose for installation. Therefore may I suggest an alternative of using NGINX auth_request along with another tiny service to do the actual authentication (with whatever web service/services we desire).
For this project it may only exist as documentation / a sample `docker-compose.yml`, because the actual authentication service and NGINX configuration would be very loosely coupled to this project.
We do this at work to authenticate against Office365 auth services, the actual docker services themselves are completely unaware of the authentication.
from photoprism.
Many potential users want to run the final software as a single binary without Docker, so we can't just use a proxy. Also some sort of auth is required when we add sharing functionality later.
from photoprism.
Fair point about single binary, but you're already requiring MySQL, so it's not really just a single binary already...
I think you can do basic auth with only NGINX. It's certainly really easy to pass extra headers through to identify users.
Still presuming you still allow disabling auth, anybody can put what I describe in front of photoprism as a way to customize / harden / whatever. They'd just lose the identity for sharing.
from photoprism.
We use TiDB. Pure Go. MySQL is just for testing. See https://blog.liquidbytes.net/2018/12/personal-photo-management/
from photoprism.
In which case I understand your preference and TiDB looks pretty interesting, even though I'm way more into Docker/Microservices than Go.
from photoprism.
Would be great to have the ability to provide read-only access to photos collection (with no authentication) and provide the ability to delete\upload data if the user authenticated.
from photoprism.
@alexkutsan We will certainly build something like that, but want to finish albums and settings first.
from photoprism.
@lastzero should it be a separate issue? Or you will implement it in the scope of this one?
from photoprism.
For those that need a simple auth setup. You can put nginx in front of this app and have it do the HTTP Basic Auth check. First create an htpasswd file:
    sudo htpasswd -c /path/to/your/users.htpasswd USERNAMEHERE
Then add this to your nginx config (assuming you are serving the docker image on port 2342):
    server {
        server_name photo.example.com;
        ...
        location / {
            auth_basic "Private";
            auth_basic_user_file /path/to/your/users.htpasswd;
            ...
            proxy_pass http://localhost:2342;
        }
    }
from photoprism.
@lastzero has rewarded $16.00 to @graciousgrey. See it on IssueHunt
- 💰 Total deposit: $20.00
- 🎉 Repository reward(10%): $2.00
- 🔧 Service fee(10%): $2.00
from photoprism.