basic auth credentials for api #1341
Codecov Report
@@ Coverage Diff @@
## main #1341 +/- ##
==========================================
- Coverage 62.48% 62.44% -0.05%
==========================================
Files 113 113
Lines 12020 12027 +7
==========================================
- Hits 7511 7510 -1
- Misses 3915 3921 +6
- Partials 594 596 +2
Hello, there are two possible ways to protect the API listener:
We can certainly work towards the second approach, but keep in mind that handling security directly is not a "best practice" approach since there's a high risk of causing security issues. In my work I always try to avoid developing security components directly; I generally use a series of rugged security components (identity servers, gateways, WAFs, etc.) and I put them before my services. Anyway, we can certainly add a basic security layer to the server too, but I think that basic authentication will not be enough.
Having a simple level of protection like basic auth would be useful; it would avoid adding additional software such as a reverse proxy, and its maintenance will still remain almost zero cost since everything is implemented by gin.
If I may ask, is this PR going to be merged? I am working on a system with MediaMTX inside and this feature would be very much appreciated.
@eravellaSC I'm working on an authentication system that will support explicit credentials, external authentication or JWTs along the entire server, including paths and API. In the meantime, in order to protect the API, you can use a reverse proxy.
Hi @aler9, any update on this?
The implementation of JWT seems like something that takes a long time to be completed. Many people simply want to block requests to the API via basic auth; this solution, however, remains very easy to maintain and solves many of the cases.
Replaced by #3081
This is a new authentication system that covers all the features exposed by the server, including playback, API, metrics and PPROF, improves internal authentication by adding permissions, improves HTTP-based authentication by adding the ability to exclude certain actions from being authenticated, adds an additional method (JWT-based authentication).
This issue is mentioned in release v1.6.0 🚀
No description provided.