Replies: 1 comment
-
|
Brilliant stuff -- thanks! |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Recently, a user requested that the GUI for TVWB not be accessible to anyone publicly snooping IPs or Ngrok URLs.
I felt this was a totally reasonable request and actually changed the default mode of TVWB is started in.
Note: This effects only the GUI. Webhook events are "protected" via their keys. (i.e. you need to send data to TVWB with a valid key in order to trigger an event)
Currently, there are two modes.
Open
In open mode, the GUI can be accessed by simply visiting the IP or Ngrok URL that TVWB is hosted on. (i.e.
http://yourIp:5000/This is not that secure, since anyone would theoretically be able to access your GUI and by extension, your keys. Nobody would be able to actually look inside and see how your event runs... but it would also defeat the purpose of having keys to begin with and also generally, I imagine, people wouldn't want their GUI exposed to the entire internet. So, going forward, TVWB will be run in "CLOSED" mode by default. It is possible to turn on "OPEN" mode by runningtvwb start --open-gui. This can be useful for development or testing purposes.Closed [Recommended and default]
In closed mode, to access the GUI, you will need to pass a query parameter called
guiKey. This is automatically generated for you and also printed to the console upon starting the server. So in actuality, when run in production (or by an end user) there is very little work that has to be done while running in this mode. Running in this mode ensures that your GUI is protected by entropy.An example of the URL you would be accessing with closed mode on is:
The only realistic downside to running the GUI in this mode is that you will have to either bookmark or copy + paste the URL when you want to access it. The upside is that this will make it virtually impossible for someone snooping around IP addresses or URLs to access your GUI.
Feel free to ask any questions or for any clarifications!
Beta Was this translation helpful? Give feedback.
All reactions