🔒 Authorisation
Since version 3.1, authorisation is enabled by default.
User management is done through the PocketBase web interface at http://localhost:8090/_/. This is mainly for internal use, such as within a home or corporate network. For external use, please see below.
- To manage users, click the "Collections" icon on the left and select "users".
- To manage admins, click the "Settings" icon on the left and select "Admin".
API permissions listed by user role:
API | Unauthorized | Users | Admins |
---|---|---|---|
List/Search Rule | ❌ | ✅ | ✅ |
View Rule | ❌ | ✅ | ✅ |
Create Rule | ❌ | ❌ | ✅ |
Delete Rule | ❌ | ❌ | ✅ |
Manage Rule | ❌ | ❌ | ✅ |
Wake devices | ❌ | ✅ | ✅ |
Shutdown devices | ❌ | ✅ | ✅ |
Scan network | ❌ | ❌ | ✅ |
🌍 Exposing to the open web
Although UpSnap has user authorisation, it is not recommended to expose it to the open web and make it accessible by everyone!
Reason: The shutdown device command is basically a command piped to sh (as root if you run Docker). If anyone gains unauthorized access and can abuse this API route in any way, the attacker has access to a (root) shell on your local network.
Recommended: If you need access from outside your network, please use a VPN such as WireGuard or OpenVPN.
Changelog
- 8d47966 add authentification #42 #55
- 5ed25bb add custom welcome message
- 5469a2b add shadow to theme dropdown menu
- 0d9a743 authentification -> authorisation
- 94fabed css and logic improvements
- a1de163 fix navbar active background for settings
- 5493df0 pnpm...
- 9a6b3a0 remove log
- 40f6bdd update dependencies
- 12689b1 update readme with auth #42 #55
- c519084 message is prerendered and can't be changed at runtime
- 9351889 minor changes
- 2764ed6 rel="external" fixes "not found" build error
- 327ac67 update screenshots