Comments (7)
The plugin could set its own random secret (equivalent to how --root works) and then support a /-/auth-app-user?token=xxx&redirect_to=/-/plugins URL which the shell could then use when opening new windows - e.g. for the "list installed plugins" menu option.
from datasette-app.
For the moment I'm going to lock this down so that it's only visible to the current, authenticated user from localhost - but in the future it might be good to have an option for sharing your data by running the server attached to 0.0.0.0 so you can share links with other people on your network.
from datasette-app.
#52 (option to expose server to other people on your network) makes this even more relevant.
I'm going to have a user account called "admin" (because "root" already does some things in the Datasette world, and as language it's less user-friendly than "admin") - the plugin will set a ds_actor cookie for it when a new browser window is opened.
from datasette-app.
Could even do this by calling a special API endpoint, /-/generate-admin-actor-cookie, which is authenticated using the mechanism introduced by #53 - and then setting the return value as that in a cookie when first instantiating the BrowserWindow.
from datasette-app.
Setting cookies from Electron code looks too complicated - I'll go with the simpler mechanism where every new BrowserWindow hits /-/auth-app-user?redirect=/-/plugins which accepts the Authorization: Bearer xxx token from #53 and redirects with the newly set cookie.
from datasette-app.
I'm going to need to refactor all of the places that create a BrowserWindow and load a URL in it to a new method on the DatasetteServer class which uses the new /-/auth-app-user endpoint - otherwise users could accidentally create windows that don't have the signed cookie.
One exception: this code, because it displays the loading.html screen before the server has started (so it can continue to display while pip install datasette etc is happening on first run).
Lines 185 to 208 in 9a8bf4e
from datasette-app.
Here's how to pass the authorization: bearer xx header in a POST request to that API endpoint:
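newWindow.loadURL(`http://localhost:${this.port}/-/auth-app-user`, {
  // extraHeaders is a single string; separate multiple headers with newlines
  extraHeaders: `authorization: Bearer ${this.apiToken}`,
  // Supplying postData makes this a POST; the body is the JSON-encoded redirect path
  postData: [
    {
      type: "rawData",
      bytes: Buffer.from(JSON.stringify({ redirect: path })),
    },
  ],
});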
This wasn't obvious: the extraHeaders takes a string (headers can be separated by newlines) rather than a dictionary, and the postData thing was a very odd shape too.
from datasette-app.
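The server side of the flow this thread settles on (bearer token in, signed ds_actor cookie and redirect out), as an added example that is not code from datasette-app or its plugin. The function names, the cookie signing format and the sample secrets are assumptions (Datasette's own cookie signing differs), and the redirect check is a hardening step added here so the endpoint cannot be used to bounce a freshly authenticated window to another origin.

```javascript
// Added example: names, cookie format and secrets are assumptions, not datasette-app code.
const nodeCrypto = require("node:crypto");

// Constant-time comparison so response timing does not leak how much of the token matched.
function tokensMatch(presented, expected) {
  const a = nodeCrypto.createHash("sha256").update(presented).digest();
  const b = nodeCrypto.createHash("sha256").update(expected).digest();
  return nodeCrypto.timingSafeEqual(a, b);
}

// Accept only same-origin paths: "/x" is fine; "//host", "/\host" and full URLs are not.
function safeRedirect(target) {
  if (typeof target !== "string" || !/^\/(?![\/\\])/.test(target)) return "/";
  return /[\r\n]/.test(target) ? "/" : target;
}

// Hypothetical signed-cookie format: base64url(JSON actor) + "." + HMAC-SHA256 of it.
function signActor(actor, cookieSecret) {
  const payload = Buffer.from(JSON.stringify(actor)).toString("base64url");
  const mac = nodeCrypto.createHmac("sha256", cookieSecret).update(payload).digest("base64url");
  return `${payload}.${mac}`;
}

// Handles POST /-/auth-app-user given request headers (lower-cased keys) and the raw body.
function handleAuthAppUser(headers, rawBody, apiToken, cookieSecret) {
  const match = /^Bearer (.+)$/i.exec(headers["authorization"] || "");
  if (!match || !tokensMatch(match[1], apiToken)) {
    return { status: 401, headers: {} };
  }
  let redirect = "/";
  try {
    redirect = safeRedirect(JSON.parse(rawBody).redirect);
  } catch (err) {
    // Malformed or missing JSON body: fall back to the home page.
  }
  const cookie = signActor({ id: "admin" }, cookieSecret);
  return {
    status: 302,
    headers: {
      location: redirect,
      "set-cookie": `ds_actor=${cookie}; Path=/; HttpOnly; SameSite=Lax`,
    },
  };
}
```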