devpi / devpi-lockdown Goto Github PK
View Code? Open in Web Editor NEWtools to enable authentication for read access
tools to enable authentication for read access
As per subject, is there a quick way to do this? Right now I need to manually type /+logout in the browser and not everybody knows that.
While enabling devpi-lockdown, and trying to search, initially search box returns:
After clicking search tho, everything is working perfectly fine.
During typing inside the search box, web console returns:
Looking at the server while typing, it always shows:
I wonder if it is a known issue or a configuration problem.
I am using devpi-lockdown and logging in with user and pass using nginx works successfully.
The problem i have is that when i login, the user can see all other users and package indexes.
Is this normal behaviour?
I want the user only to see their own account with all the package indexes below.
Maybe a quicker feature to implement is to say for what users the web-view can be loaded?
(for example only root can see this)
The users i have:
For example when user-a logs in, they can see root/pypi and users-b while they only should be able to see user-a with the index mono.
versions:
devpi-lockdown-2.0.0
devpi-server-6.9.0
devpi-web-4.2.0
my nginx.conf:
# HTTP server redirects all traffic to HTTPS
server {
listen 80;
listen [::]:80;
server_name _;
# this redirects to the login view when not logged in
recursive_error_pages on;
error_page 401 = @error401;
location @error401 {
return 302 /+login?goto_url=$request_uri;
}
# lock down everything by default
auth_request /+authcheck;
# the location to check whether the provided infos authenticate the user
location = /+authcheck {
internal;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header X-Original-URI $request_uri;
proxy_set_header X-outside-url $scheme://$http_host; # copy the value from your existing configuration
proxy_set_header X-Real-IP $remote_addr; # copy the value from your existing configuration
proxy_pass http://devpi:3141;
}
location / {
# workaround to pass all requests to / through to the named location below
error_page 418 = @proxy_to_app;
return 418;
}
location @proxy_to_app {
proxy_pass http://devpi:3141;
# the $x_scheme variable is only required if nginx is behind another
# proxy (often the case in container environments),
# if your nginx is the only proxy server, the $scheme variable can be
# used and the map $http_x_forwarded_proto $x_scheme above be removed
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-outside-url $scheme://$http_host;
proxy_set_header X-Real-IP $remote_addr;
}
}
I get import error as below
from pyramid.authentication import _SimpleSerializer
ImportError: cannot import name '_SimpleSerializer'
However I notice that the authentication.py
itself imports from pyramid.util import SimpleSerializer
Where am I going wrong?
This is more of a question than an issue.
I have Devpi running with Devpi-lockdown on a remote server, I'm trying to install a package that I've uploaded to Devpi, but when I do this devpi install or pip install is redirected to the login form. What am I missing? I don't think my nginx configuration is incorrect but it is a possibility.
Would you be able to provide an example command or set of commands to do this?
Thanks
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.