CI Token management #618
Comments
|
Love that idea 👍 will you create a MR for this? |
|
This won't work with the current implementation, because the token and hash is generated on the server side: # def claim():
token = secrets.token_hex(16)
salt = os.urandom(32)
token_hash = calculate_token(token, salt)
table.insert({"name": project, "token": token_hash, "salt": salt.hex()})What I'd do instead is add a flag |
g3n35i5
added a commit
to vorausrobotik/docat
that referenced
this issue
Jan 16, 2024
By declaring the environment variable(s) `DOCAT_GLOBAL_CLAIM_TOKEN` (and optionally `DOCAT_GLOBAL_CLAIM_SALT`), all projects can be automatically claimed with a previously defined token (and salt). This resolves docat-org#618.
|
I don't get why abf8499 was not merged. |
|
you can always mount in a custom nginx config which protects the /api routes with basic auth but i will consider this use-case if we do a docat v2 |
Open
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
It could be useful if the api-key could be set when doing a push of a new project.
Example with docatl:
docatl push docs.zip newproject 1.0.0 --api-key 1a558b3687abc41fb9dd2f1ec9459271
Then, no token claim is possible for "newproject" project and the token is the token set.
The text was updated successfully, but these errors were encountered: