Add password protection for published site #30

Closed
opened 2026-02-09 14:52:35 +00:00 by mik-tf · 0 comments
Owner

Context

The web UI is currently publicly accessible with no authentication. Some content is not intended to be public.

Expected Behavior

Support optional password protection for the web interface. When enabled, users must authenticate before accessing any content.

Suggested Approach

  • HTTP Basic Auth as the simplest option
  • Configurable via environment variable (e.g., HEROBOOKS_PASSWORD)
  • When the env var is empty or unset, no auth is required (backward-compatible)
  • When set, all routes require authentication
  • Username can be fixed (e.g., hero) or also configurable

Notes

  • This covers the web UI and API endpoints
  • MCP endpoint may need separate consideration (API key vs Basic Auth)
  • grid_name_proxy handles TLS, so Basic Auth over HTTPS is secure
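
The approach suggested in the issue, sketched as an added example (not code from hero_books). It assumes a Python WSGI application, which the issue does not state; `protect`, `parse_basic` and `REALM` are hypothetical names, while `HEROBOOKS_PASSWORD` and the fixed username `hero` come from the issue text.

```python
import base64
import hmac
import os

REALM = "hero_books"  # assumed realm string, not taken from the project


def parse_basic(header):
    """Parse an Authorization header; return (user, password) or None."""
    scheme, _, blob = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(blob.strip(), validate=True).decode("utf-8")
    except ValueError:  # bad base64 or bad UTF-8: treat as no credentials
        return None
    # Split on the first colon only, so passwords may contain ":".
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


def protect(app, password=None, username="hero"):
    """Wrap a WSGI app with Basic Auth; return it unchanged if no password."""
    if password is None:
        password = os.environ.get("HEROBOOKS_PASSWORD", "")
    if not password:
        return app  # empty or unset: auth disabled, as the issue proposes

    def guarded(environ, start_response):
        creds = parse_basic(environ.get("HTTP_AUTHORIZATION", ""))
        user, supplied = creds if creds else ("", "")
        # Constant-time comparison of both fields; both are always evaluated.
        ok_user = hmac.compare_digest(user.encode(), username.encode())
        ok_pass = hmac.compare_digest(supplied.encode(), password.encode())
        if creds and ok_user and ok_pass:
            return app(environ, start_response)
        start_response("401 Unauthorized", [
            ("WWW-Authenticate", f'Basic realm="{REALM}", charset="UTF-8"'),
            ("Content-Type", "text/plain"),
        ])
        return [b"authentication required\n"]

    return guarded
```

Because the wrapper sits in front of the whole application, every route is covered when the password is set, and a malformed header is rejected the same way as a missing one.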
Reference
lhumina_code/hero_books#30