Comments (4)
Hi,
It seems that I missed to include a needed field in the example configuration.
Please try to insert the following option to your alexandrie.toml
file, and try again:
[frontend.auth]
# You need to replace this by the origin of the endpoint with which users will access your Alexandrie instance.
# This is needed for creating the correct `redirect_uri` for OAuth 2 authentication flows (currently: GitHub/GitLab).
# If you are not using GitHub or GitLab to authenticate, then this value will never be used and can be set to anything.
origin = "http://localhost:3000"
This should resolve your issue, feel free to comment here again if the error persists or if you encounter another configuration-related error.
from alexandrie.
While what you're asking for is not possible as of today, this is a feature that would indeed be useful, and interest for exactly this has already been expressed in #93.
I think I should definitely work on the ability to make the frontend inaccessible to logged-out users.
But keep in mind that Cargo itself does not send authorization tokens for all API endpoints (like the crate download and search endpoints that cargo uses in cargo fetch
and cargo search
, for example), as described in the Cargo's alternative registry documentation.
This means that logged-out users, despite being unable to access the frontend, would still be able to download or search the crates, if they know which endpoints to hit.
This was the reason why I haven't implemented it to be fully private in my initial iteration of Alexandrie.
The Cargo team has accepted an RFC (rust-lang/rfcs#3139) proposing to add a new auth-required
configuration option (both in the registry's index and in the users' configuration) to require Cargo to send the authorization tokens for absolutely all API endpoints.
While the RFC has been accepted and the implementation work in Cargo has been done, the feature is still unstable (tracking issue: rust-lang/cargo#10474), and therefore only usable using Nightly Rust.
Still, I think this should not block the work to make atleast the frontend private, and possibly start working on the foundations in preparation of the upcoming stabilization of that Cargo feature.
I just need to get around to design and implement this properly.
I hope that, in the time being, the absence of this feature is not too much of an inconvenience.
(Since the support of this feature is unrelated to this GitHub issue, I'll be closing it through the merge of PR #155)
from alexandrie.
@Hirevo Hi,Please tell me, how to make it necessary to log in to see the content, otherwise there is only one login page? Thank you!😁
from alexandrie.
@Hirevo
Thank you very much for your professional answer. There is not much impact at present, and I look forward to getting better and better. Thank you for your contribution to the community!
from alexandrie.
Related Issues (20)
- Some potential data racing issues
- Self-modifying login form password field interferes with the Firefox remember password feature
- ERROR: insert or update on table "sessions" violates foreign key constraint "sessions_author_id_fkey" HOT 1
- After updating to Merge pull request #116 ,i can't publish new version of crates
- Question about database and build process
- Best method to remove/delete a crate HOT 1
- Enable git HTTPS authentication via username/password
- TLS support HOT 3
- Cargo checksum verification fails HOT 14
- cargo owner --add error HOT 4
- Consider switching to tokio/axum/hyper stack HOT 9
- Add `WebIdentityProvider` to AWS credentials chain
- IO error: No such file or directory (os error 2) HOT 1
- feat: verdaccio equivalent
- Consider if migrating to `tower-sessions` is appropriate HOT 8
- Option to enable authentication for all cargo API routes HOT 2
- Hide login and register buttons if they are disabled HOT 1
- Adding Categories and Keywords pages to help browsing and discovering of new crates
- Github OAuth breaks on second OAuth attempt, after first prompt was denied by user.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from alexandrie.