login control for self-hosted web client #1003
-
shlink-web-client version3.10.2 How do you use shlink-web-clientSelf-hosted Summaryis there any way to add login page for using self hosted client? now it is directly opening and connecting to server without any authentication |
Beta Was this translation helpful? Give feedback.
Replies: 3 comments 5 replies
-
|
shlink-web-client is an app running 100% in the browser, and only your device knows about the API key, that's why it's safe to load server data with no user authentication, and at the same time, not possible to have end-user login. This is somehow convenient, but presents some known limitations, that's why there is work in progress for a next-level Shlink app (AKA shlink-dashboard) that will include its own backend, supporting user authentication. See #338 for details. |
Beta Was this translation helpful? Give feedback.
-
|
I have a question about the design of shlink main server code. Why don't we include some APIs to create and authenticate users in the server code itself? This way, we can still have a backend-free client web app, but also have a user management module in the main server. Is there any technical or architectural reason for not doing this? I would be happy to work on this feature if it is feasible and desirable. |
Beta Was this translation helpful? Give feedback.
-
|
That would make Shlink handle a very specific responsibility which, from my point of view, should not be handled by it. The architecture is explained here https://shlink.io/documentation/advanced/shlink-architecture/, and there's no plans to change it. |
Beta Was this translation helpful? Give feedback.
-
|
Thank you for your feedback on the new expansion plans. I apologize for not reviewing that page before making my suggestions. I agree that Shlink has a great design and that it should focus on its core functionality of shortening the urls. This will allow it to scale infinitely and run smoothly on multiple instances. However, I have one suggestion regarding the single instance and shared hosting users. Since Shlink-Dashboard is still in early development, we could add a few more steps in the installation process of Shlink. We could offer the option to install Shlink-Dashboard in a subfolder of the same server as Shlink, and also the option to use the same database or a separate one for it. This way, we could accommodate more use cases without compromising the application architecture. |
Beta Was this translation helpful? Give feedback.
-
|
@acelaya what i see with docker image after installarion anyone can access the web interface and anyone can go to the configuration of server or add or remove short links etc. is there no way to block or restrict access? Or I'm missing something? |
Beta Was this translation helpful? Give feedback.
-
|
Anyone can access the app itself, but no one will have access to the servers you create in your device, because that's saved in the device's local storage. |
Beta Was this translation helpful? Give feedback.
-
|
mmh..Actually i have send the link to my collegues and he can see and access to the server... is possible because the api is in the server env? |
Beta Was this translation helpful? Give feedback.
-
Yes, that's the reason. It's VERY important that you don't use that feature with a public shlink-web-client instance, because you are exposing API keys publicly.
|
Beta Was this translation helpful? Give feedback.
shlink-web-client is an app running 100% in the browser, and only your device knows about the API key, that's why it's safe to load server data with no user authentication, and at the same time, not possible to have end-user login.
This is somehow convenient, but presents some known limitations, that's why there is work in progress for a next-level Shlink app (AKA shlink-dashboard) that will include its own backend, supporting user authentication.
See #338 for details.