Unlike the ping endpoint the web UI is not easily accessible when authenticated #31

Open
mskyttner opened this issue Feb 6, 2025 · 2 comments
Labels: bug, enhancement, help wanted

mskyttner commented Feb 6, 2025

When starting a process like this:

DUCKDB_HTTPSERVER_FOREGROUND=1 DUCKDB_HTTPSERVER_DEBUG=1 duckdb -c "install httpserver from community; load httpserver; select httpserve_start('0.0.0.0', 7777, 'duck:duck');"

... it is possible to read from the $base_url/ping endpoint, so easy to check that the service is alive, nice!

But the web UI is not being served up, it responds with "Unauthenticated" - could it be excluded from authentication since the web ui has specific settings where the base_url, user and pass can be provided anyhow (which might be nice to be able to use also when authenticating against an authenticated instance / itself)?

Also trying a url like "http://user:pass@localhost:7777" wouldn't allow access to the web ui when the httpserver runs as authenticated.

Would be supernice if this worked also when the service runs under another url base (ie something like https://some.server.tld/duckserve/ for example).

lmangani added the bug label Feb 6, 2025

lmangani (Collaborator) commented Feb 6, 2025

@mskyttner confirmed, this is indeed the current behaviour where auth locks the UI as well.
I guess we need more granular settings to let the users choose if the UI should be served in auth mode.

Any preferences from the community?

lmangani added the enhancement and help wanted labels Feb 6, 2025

mskyttner (Author) commented

Just sharing my single cent / preference:

  • By default let "ping" and the web UI that is served from the url_base "root" not require authorization, reason: the web UI wouldn't allow any reading anyway if the three settings for url, user and pass are not provided (at the top of the ui), but at least you know it is there and you can use it even if other endpoints for the API are locked down.
  • If it remains locked, it would be great if it was protected by basic auth login which was challenged from the service, or if a login function is not provided by the httpserver, something that assures that it can be accessed when entering a "basic auth authentication url" - which will put the credentials in the link / "in the open" - when going to the web ui by entering say "http(s)://username:password@hostname:port/path/" in the browser.
  • If there is a setting after all, it would be nice to have it like the others, DUCKDB_WEBUI=1 or so...
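
The per-path policy discussed in this thread, as an added Python example (not code from the httpserver extension): `/ping` and a GET of the UI root are exempt, and every other request without valid credentials gets a Basic auth challenge. The function names, the `ui_public` switch, the `base` parameter and the realm string are assumptions made for illustration.

```python
import base64
import hmac


def check_basic(header, expected):
    """Return True if an Authorization header carries the expected 'user:pass'."""
    if not header or not header.lower().startswith("basic "):
        return False
    try:
        supplied = base64.b64decode(header[6:].strip(), validate=True)
    except ValueError:  # malformed base64 is treated as missing credentials
        return False
    # Constant-time comparison avoids leaking how many leading bytes matched.
    return hmac.compare_digest(supplied, expected.encode())


def decide(method, path, auth_header, expected, ui_public=True, base="/"):
    """Return (status, headers) for a request served under a URL base.

    `base` models a deployment behind a prefix such as '/duckserve/'.
    `ui_public` is a hypothetical switch for serving the UI without credentials.
    """
    prefix = base.rstrip("/")
    if prefix and not (path == prefix or path.startswith(prefix + "/")):
        return 404, {}
    rel = path[len(prefix):] or "/"

    # Only a GET of the UI root is exempt, so requests that carry data
    # (for example a POST to the same path) still need credentials.
    is_ping = rel == "/ping"
    is_ui_shell = ui_public and method == "GET" and rel == "/"
    if is_ping or is_ui_shell or check_basic(auth_header, expected):
        return 200, {}

    # The challenge header is what makes a browser show its login prompt.
    return 401, {"WWW-Authenticate": 'Basic realm="duckdb"'}
```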
