Server suggestion: add HTTP basic access authentication

[csdvrx]

The current HTTP server is ideal to process curl request within the shell, but does not have any form of authentication: this make it susceptible to DoS attacks interfering with normal use: while token are generated, normal request get error codes.

I suggest adding a login/password mechanism: the simplest would be the Authorization: Basic <credentials> header, where credentials is the base64 encoding of ID and password joined by a single colon, as specified by RFC 7617 and 2617.

This is only meant to protect against direct firewall misconfiguration or portscanning when deploying on a forwarded port.

Protecting against captured/replayed HTTP traffic can be done separately by using an HTTPS proxy like stunnel.

[SlyEcho]

It doesn't seem to be supported by the HTTP library so we would have to include a lot of (potentially unsecure) custom code.

I would suggest to use an nginx reverse proxy to add authentication and SSL, etc.

This is only meant to protect against direct firewall misconfiguration or portscanning when deploying on a forwarded port.

Please use a VPN like Wireguard, Tailscale, Zerotier etc. and don't forward the port to everybody to use.

For most users the server's default setting is to only bind to localhost which should be secure enough and is pretty standard for all kinds of services.

[randxie]

+1 to @SlyEcho , it's better to keep the model server simple and do authentication separately.

[github-actions]

This issue was closed because it has been inactive for 14 days since being marked as stale.