Web Services #4
Comments
A-c0rN
added
enhancement
|
im gonna test some things here and there, maybe get a prototype going |
|
|
|
Ive added 2FA, via discord webhook |
|
Is there any system in place currently in ASMARA for handling localserver (eg socket) alert sending, and if so, are we able to implement a way to upload custom audio or have a custom description of the alert, and allow something like flite to read it? |
Not yet, however an older version had a console system that is for the most part still available in the backend, just the console was removed due to unneeded complexity. I would like a REST API to be hooked into this system for management, as I would like the API to allow users to make their own web interfaces if wanted, or modules to interface with other things, such as Character Generators and such.
This would be easier to implement via CAP, so that's probably going to go with that. One should be able to use the Override feature for audio embedding if they need to though. |
|
BREAKING NEWS new webserver update soon! (not major) some changes to the readme, using logos, all of that.. |
|
Flask has a good way of setting up REST API's, so I'm thinking we can do it like this for best productivity, where you could work on setting up a good way of sending alerts, and il setup a secure(ish) way of doing api's for sending.. What do you think about that?
|
The only thing this needs is a handler to import a Flask backend that communicates with ASMARA's interface directly. I can write something like that when I have time. The API should be a standardized, easy to understand and well documented script that should expose both ingest and output information from the ENDEC. Also, when it comes to security, this may sound like a bit of a pain, but we may want to focus on this after we have a working API. Thanks! |
That seems easy enough to work on once we get there..
Completely agree, wouldn't want to push a flawed and hackable system to prod and have someone hack into an exposed system and release an EAN right?
|
|
Ana, What do you think about this, we could implement email based 2FA, but the user would have to setup an email account specifically for it, OR, we could push a prototype 2FA system back about a week or two, and have an authenticator app system.. Until you get back to me on this, i will be exploring both ideas,
|
|
Ana, Ive made a working prototype authenticator app system, it works for authy and google authenticator.. will send a pull once its fully fleshed out
|
|
Look at this beauty!
|
|
working on SSL/HTTPS, kinda stupid that we didn't think to do this sooner.. |
|
SSL/HTTPS is done, its optional but it slightly berates you for running without it cause of 1. how insecure the webserver becomes, 2. because of how easy it is to setup atm all you have to do is run userdb with the argument mkSSL it selfsigns a cert, and if you look at the cert it has asmara info, it expires after a year it was created, i haven't set a warn for that yet, il probably put it on the web interface though |
I'll look into also the ability submit an external cert for use, as some of us (Physprop) has their own SSL signing server for a domain. |
Sounds good.. |
No description provided.
The text was updated successfully, but these errors were encountered: