Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Less "open" public website #554

Closed
3 of 9 tasks
shepner opened this issue Nov 28, 2020 · 5 comments
Closed
3 of 9 tasks

Less "open" public website #554

shepner opened this issue Nov 28, 2020 · 5 comments
Labels
status: idea-phase Work is tentatively approved and is being planned / laid out, but is not ready to be implemented yet why: functionality Intended to improve ArchiveBox functionality or features

Comments

@shepner
Copy link

shepner commented Nov 28, 2020

Type

  • General question or discussion
  • Propose a brand new feature
  • Request modification of existing behavior or design

What is the problem that your feature request solves

Occasionally I would like to share links to pages I have clipped. However, the public ArchiveBox site is rather "open" (very easy for anyone to look at everything stored in there) and Id rather if that was not the case. Im not asking for iron-clad security here but Id like to keep people (and bots) from snooping.

Describe the ideal specific solution you'd want, and whether it fits into any broader scope of changes

Ideally: Implement granular access controls to the website which are tied to user accounts which can exist in an external system (ie Okta, Authelia, LDAP, etc).
Minimally: Make it so the directory structure is not publicly visible, provide an option to disable public access to the archive root, and an option to entirely disable public archive access.

What hacks or alternative solutions have you tried to solve the problem?

Since I want to make ArchiveBox Internet accessible so I can archive sites from my mobile devices, the minimal solution above should provide a modicom of privacy and is better than expecting the user to somehow figure out how to do this via Nginx or the like.

How badly do you want this new feature?

  • It's an urgent deal-breaker, I can't live without it
  • It's important to add it in the near-mid term future
  • It would be nice to have eventually
  • I'm willing to contribute dev time / money to fix this issue
  • I like ArchiveBox so far / would recommend it to a friend
  • I've had a lot of difficulty getting ArchiveBox set up
@shepner shepner added why: functionality Intended to improve ArchiveBox functionality or features status: idea-phase Work is tentatively approved and is being planned / laid out, but is not ready to be implemented yet labels Nov 28, 2020
@pirate
Copy link
Member

pirate commented Nov 28, 2020
edited
Loading

Config options to manage which parts are public already exist:

image

ArchiveBox/archivebox/config.py

Line 71 in e4d2ac4

'PUBLIC_INDEX': {'type': bool, 'default': True}, 

archivebox config --set PUBLIC_SNAPSHOTS=True
archivebox config --set PUBLIC_INDEX=False
archivebox config --set PUBLIC_ADD_VIEW=False

You can also manage the Snapshot view/edit/add/delete permissions on a per-user basis under http://127.0.0.1:8000/admin/core/user/

@shepner
Copy link
Author

shepner commented Nov 29, 2020

Ok, I think I figured out what those settings do. Are they documented somewhere? Similarly, is there some documentation for the various user account permissions? I havnt found them in the wiki.

@pirate
Copy link
Member

pirate commented Nov 29, 2020

They are not documented yet because it's sort of a "beta" feature. We're planning on improving the permissions system in the future and this is just the bare minimum first version we implemented. I may add them to the Wiki but I haven't decided yet if we want to advertise these config options because they might change soon.

@shepner
Copy link
Author

shepner commented Nov 29, 2020

k. In that case, Ill try to keep an eye out for that. Thanks!

@shepner shepner mentioned this issue Nov 29, 2020
Closed
9 tasks
@cdvv7788
Copy link
Contributor

cdvv7788 commented Dec 5, 2020

@pirate we can close this one, right?

@pirate pirate closed this as completed Dec 5, 2020
Merged
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
status: idea-phase Work is tentatively approved and is being planned / laid out, but is not ready to be implemented yet why: functionality Intended to improve ArchiveBox functionality or features
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@pirate @shepner @cdvv7788