Running error！！！[frontend] missing field `origin` about alexandrie HOT 4 CLOSED

Hi,
It seems that I missed to include a needed field in the example configuration.
Please try to insert the following option to your alexandrie.toml file, and try again:

[frontend.auth]
# You need to replace this by the origin of the endpoint with which users will access your Alexandrie instance.
# This is needed for creating the correct `redirect_uri` for OAuth 2 authentication flows (currently: GitHub/GitLab).
# If you are not using GitHub or GitLab to authenticate, then this value will never be used and can be set to anything.
origin = "http://localhost:3000"

This should resolve your issue, feel free to comment here again if the error persists or if you encounter another configuration-related error.

from alexandrie.

While what you're asking for is not possible as of today, this is a feature that would indeed be useful, and interest for exactly this has already been expressed in #93.

I think I should definitely work on the ability to make the frontend inaccessible to logged-out users.

But keep in mind that Cargo itself does not send authorization tokens for all API endpoints (like the crate download and search endpoints that cargo uses in cargo fetch and cargo search, for example), as described in the Cargo's alternative registry documentation.

This means that logged-out users, despite being unable to access the frontend, would still be able to download or search the crates, if they know which endpoints to hit.

This was the reason why I haven't implemented it to be fully private in my initial iteration of Alexandrie.

The Cargo team has accepted an RFC (rust-lang/rfcs#3139) proposing to add a new auth-required configuration option (both in the registry's index and in the users' configuration) to require Cargo to send the authorization tokens for absolutely all API endpoints.

While the RFC has been accepted and the implementation work in Cargo has been done, the feature is still unstable (tracking issue: rust-lang/cargo#10474), and therefore only usable using Nightly Rust.

Still, I think this should not block the work to make atleast the frontend private, and possibly start working on the foundations in preparation of the upcoming stabilization of that Cargo feature.
I just need to get around to design and implement this properly.

I hope that, in the time being, the absence of this feature is not too much of an inconvenience.

(Since the support of this feature is unrelated to this GitHub issue, I'll be closing it through the merge of PR #155)

from alexandrie.

@Hirevo Hi，Please tell me, how to make it necessary to log in to see the content, otherwise there is only one login page? Thank you！😁

from alexandrie.

@Hirevo
Thank you very much for your professional answer. There is not much impact at present, and I look forward to getting better and better. Thank you for your contribution to the community!

from alexandrie.