Refactor settings and authentication repositories and routes#9
Refactor settings and authentication repositories and routes#9ElectroBoy10 wants to merge 0 commit into
Conversation
Just a sidenote I did use claud Ai as I'm not good with coding. |
|
The workflow i have made has 2 modes debug and normal so meaning people forking your repo can build their own app using actions using debug mode and you can use the normal mode as you have setup keys and that stuff while the average forking user won't setup that and just wants to build a app :) |
|
Hi and thanks for this PR! I already had a quick look at it and I think I will adapt parts of it (the workflow with debug mode is definitely a great idea!). I’m not entirely sure I understood the 'green button' feature correctly—could you explain the user flow there? Is it a manual 'Accept' prompt on the phone when a new device tries to connect? Regarding the implementation: Ktor actually has a built-in sessions plugin that handles tokens, signing, and expiration in a very robust way. I’ll likely use that to manage whitelisted clients. Using session tokens to remember previously approved devices is a much better approach than just relying on the IP address (this is what I do at the moment)! As for password authentication: I’m still on the fence. Manual approval of new clients seems safer and more user-friendly for a local tool. Since everything runs over plain HTTP, passwords and tokens could be intercepted by anyone sniffing the traffic anyway. Manual 'per-device' approval at least ensures the host has full control. But I will keep it in mind. Thanks again for the inspiration and your work! |
|
The user flow for accept. So bassicly the implementation is Regarding security do you think its a good idea to support https and http its up to the user to select what they want to use. Even if it requires self sighned keys etc. Im planning on more edits to the prodject. 😀 Like one of my ideas are Another improvement i reccodmend adding The website will struggle to load all at once So what if you let the backend be SQLite |
|
I was thinking about adding some button or popup to the home screen of the app for approving connection requests, but I didn't implement it since I needed the notification anyways (for when the activity is closed) and to prevent myself from messing around with even more ui state. Implementing https is somehow on my todo list, but not so far on the top of it. I am pretty sure that there is a ktor plugin that will do most of the heavy lifting. Also for custom error pages. But the template should be reorganized, all the tailwind classes exported to an external css file or something, to make everything a bit more reusable and readable and to ensure a consistent style through the web ui and the error pages. Are you talking about a backend for the web ui? The size of files should not make any differences. The amount of data the webui needs to work with is a tiny json object per file. I tested it with hundrets of pictures (this is the heaviest part for the app and the webui, since all the previews need to be generated and loaded) and thanks to lazy loading it was never a problem. |
2 participants
Hallo I have made a rough edit to this app to have password authentication and a attempt on session authentication for if someone tries to connect it shows a green connect button but it seems to be really hard you will be able to see what I've done I have made edits to the workflow as I dont have keys etc so bare that in mind as I can't run this on my side without making a unsigned version. :)
I hope you find these ideas well i don't reccodmend adding my attempt but to rather use your own code and way 👍🏻