Implement proper auth, add Dockerfile, allow prioritizing accounts and log request IP #23
docs/api-http.md
Outdated
|
|
||
| ### Dashboard Authentication | ||
|
|
||
| The web dashboard (`/dashboard`) requires authentication: |
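Review bot: The added sentence "The web dashboard (`/dashboard`) requires authentication:" under "Dashboard Authentication" states the requirement unconditionally. The doc should say whether authentication can be switched off, what the default is, and which setting controls it, so that an operator can tell from this section alone whether a given deployment exposes `/dashboard` without credentials.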
Why enforce auth? I'm running it in a private network & I'd expect lots would also - requiring auth might be a PITA.
I think the best way to go would be:
- Optional auth (toggle through config/env with a boolean `AUTH_REQUIRED`)
- Ability to create API keys for the `/v1/messages` endpoint
- Track the usage of each key
- Helps track usage across multiple machines
- Also - for sure, if you're going to run it in public, I would suggest putting it behind an API key
Thoughts?
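
The design proposed in the comment above (a boolean `AUTH_REQUIRED` toggle, API keys for `/v1/messages`, usage tracked per key), as an added JavaScript example that is not code from this PR or from ccflare. The `x-proxy-key` header, the function names and the sample keys are assumptions made for illustration.

```javascript
// Added example; every name below is hypothetical, not ccflare's API.

// Strict parse of the AUTH_REQUIRED toggle suggested in the comment.
// Unset means off; an unrecognised value fails closed (auth on).
function authRequired(env) {
  const raw = (env.AUTH_REQUIRED ?? "").trim().toLowerCase();
  if (raw === "" || ["0", "false", "no", "off"].includes(raw)) return false;
  return true; // "true", "1", and typos such as "flase" all enable auth
}

// No early exit on the first mismatch: every character of `a` is visited.
function constantTimeEqual(a, b) {
  let diff = a.length ^ b.length;
  for (let i = 0; i < a.length; i++) {
    diff |= a.charCodeAt(i) ^ b.charCodeAt(i % Math.max(b.length, 1));
  }
  return diff === 0;
}

// keys: [{ name, secret }]. A real deployment would store only a hash
// of each secret; plain strings keep this example short.
function createGate(env, keys) {
  const required = authRequired(env);
  const usage = new Map(keys.map((k) => [k.name, 0]));
  usage.set("anonymous", 0);

  function authorize(headers) {
    const presented = headers["x-proxy-key"] ?? ""; // hypothetical header
    let matched = null;
    for (const k of keys) {
      // Check every key so timing does not reveal which one matched.
      if (presented !== "" && constantTimeEqual(presented, k.secret)) matched = k.name;
    }
    if (required && matched === null) return { status: 401, key: null };
    const who = matched ?? "anonymous";
    usage.set(who, usage.get(who) + 1); // per-key usage, e.g. one key per machine
    return { status: 200, key: who };
  }
  return { authorize, usage, required };
}
```

With the variable unset, requests pass and are counted as `anonymous`; with it set, only requests carrying a known key pass, and each is counted against that key.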
Auth is enforced to access dashboard and endpoints, although using it through Claude Code is still available with no authentication.
I would be fine with a toggle for an optional auth for those who are using ccflare for themselves, but I'd be happy if auth was set by default, as this tool has certain important capabilities which should be somewhat protected.
In my case, we are running a PoC in my company, and we have it currently over my fork, and having auth is a must have!
About the messages endpoint, I am not very familiar with it, although by looking at the docs, it makes sense to be able to create API keys, and be able to track their usage.
Happy to discuss further!
I am against auth by default.

I am against forcing auth, strongly. Optional is fine. I run Tailscale, I would never expose this and don't need auth. I imagine my config is like the majority.

Thanks for the suggestions, folks. I've made the auth disabled by default, switchable with an environment variable.
In this PR you will find multiple additions: