-
Notifications
You must be signed in to change notification settings - Fork 916
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
JSON Management Not Honoring Password #1149
Comments
That is a little embarrassing. Thanks for finding it - and a very useful minimal reproducer. Additionally, since you are using the API - this api turned out to be not as usable across all the different platforms (It basically needs more code to implement clients than would be good) I'm thinking it should be replaced with a real JsonRPC interface. |
The client I wrote to talk to the current JSON management API is only 58 lines of code (in GDScript of all things). It wasn't terrible. 😀 However, being able to use an existing JSON RPC library would be nice as well. |
Yeah, this was less about how hard it is to code a client and more about reuse of existing infra - a JsonRPC API can have a zero-line client if you serve some static HTML and simply use the existing web browser. (And there are also some handy naming + unix domain sockets with a server running multiple instances improvement that almost fall out for free) I've pushed a patch for the auth to the same purgable branch you are already testing. However - it is worth noting that the old human-based management interface is still in the codebase and has no authentication |
Awesome. I'll pull it and give it a go. I don't expose the management port on anything except localhost so it's not that big a deal that the old interface is still there. |
This new JsonRPC API was implemented in the recently released fork n3n, if you were interested in looking at it. |
The JSON Management API is allowing password-protected operations without a password. Example:
This is using edge 3.1.1-239-g9624a65.
The text was updated successfully, but these errors were encountered: