Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support HTTP basic auth via configuration #20

Open
Bustel opened this issue Feb 22, 2021 · 1 comment
Open

Support HTTP basic auth via configuration #20

Bustel opened this issue Feb 22, 2021 · 1 comment

Comments

@Bustel
Copy link

Bustel commented Feb 22, 2021
edited
Loading

Right now if I want to subscribe a room to a private feed I can do so via https://user:[email protected]/rss. This is however, unsatisfying because it exposes my credentials to the whole room.

A better solution would be to utilize aiohttp's basic auth capabilities for certain domains if an RSS admin does the subscription.

Some necessary steps:

  • Check headers['www-authenticate'] in parse_feed for 'Basic realm="Use test/basic"'
    This indicates that auth is needed
  • Add new configuration item, sth. like: 
    private_feeds:
   - url: "*.example.org"
     user: johndoe
     pw: supersecure
  • If we have credentials for the url, then self.http.get(url, auth=aiohttp.BasicAuth(user, pass))
  • If a subscription matches a private feed, only an rss-admin should be allowed to manage it

What do you think about such an enhancement? I would consider providing a pull request but i dont have a good dev setup here to test it.
@xrayn
Copy link

xrayn commented May 6, 2021

I would love to have such a feature too!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@xrayn @Bustel