In the future, an `Access-Control-Request-Private-Network` header will be sent with
these requests, and servers must respond with `Access-Control-Allow-Private-Network`.
This will start with the next Chrome version (104), and Mozilla has marked the
standard as "worth prototyping", which often leads to final implementation.
Signed-off-by: Franklyn Tackitt <git@frank.af>
Since the User DB is not going to be large, cache the users
in local memory and sync with the DB when changes are
made to the local user store.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
This provides corrective action in the event that an
invalid user entry makes its way into the database.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
Raise an exception when a request with Basic Auth is received, however do not log the username/password.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
This allows eligible components to register themselves as API transports. By default the WebsocketManager is registered.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
This removes the cryptography dependency in favor of libsodium. Also removed is python-jose, as we must generate our own JWTs for use with EdDSA.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
use libnacl instead of pynacl
Clients can use this in situations where a browser may
prompt the user to take action prior to sending the
request. After the user accepts, Moonraker will redirect the user to the url provided in the request.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
Clients may pass a json web token via the query string's "access_token" argument to authorize requests that do not allow modified headers.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
When "force_logins" is enabled a user login is required if at least one user is registered, overriding the "trusted_clients" configuration.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
It is now possible for any authorized request to delete a user, however a logged in user cannot delete its own account.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>
CONFIG CHANGE: This deprecates the "enabled" option in the [authorization] section. Authorization will be enabled if the section is included in moonraker.conf, otherwise it will be disabled.
Signed-off-by: Eric Callahan <arksine.code@gmail.com>