add package request endpoint

2025-06-28 06:41:43 +00:00 · 2021-10-01 08:58:50 +03:00
parent 13d00c6f66
commit 73a4cee257
14 changed files with 1792 additions and 1618 deletions
--- a/docs/ahriman-architecture.svg
+++ b/docs/ahriman-architecture.svg
--- a/docs/architecture.md
+++ b/docs/architecture.md
@ -148,6 +148,7 @@ Some features require optional dependencies to be installed:
 Web application requires the following python packages to be installed:

 * Core part requires `aiohttp` (application itself), `aiohttp_jinja2` and `Jinja2` (HTML generation from templates).
+* In addition, `aiohttp_debugtoolbar` is required for debug panel. Please note that this option does not work together with authorization and basically must not be used in production.
 * In addition, authorization feature requires `aiohttp_security`, `aiohttp_session` and `cryptography`.
 * In addition to base authorization dependencies, OAuth2 also requires `aioauth-client` library.

@ -173,9 +174,9 @@ Package provides base jinja templates which can be overridden by settings. Vanil

 ## Requests and scopes

-Service provides optional authorization which can be turned on in settings. In order to control user access there are two levels of authorization - read-only (only GET-like requests) and write (anything).
+Service provides optional authorization which can be turned on in settings. In order to control user access there are two levels of authorization - read-only (only GET-like requests) and write (anything) which are provided by each web view directly.

-If this feature is configured any request except for whitelisted will be prohibited without authentication. In addition, configuration flag `auth.allow_read_only` can be used in order to allow seeing main page without authorization (this page is in default white list).
+If this feature is configured any request will be prohibited without authentication. In addition, configuration flag `auth.safe_build_status` can be used in order to allow seeing main page without authorization.

 For authenticated users it uses encrypted session cookies to store tokens; encryption key is generated each time at the start of the application. It also stores expiration time of the session inside.

--- a/docs/configuration.md
+++ b/docs/configuration.md
@ -23,12 +23,12 @@ libalpm and AUR related configuration.
 Base authorization settings. `OAuth` provider requires `aioauth-client` library to be installed.

 * `target` - specifies authorization provider, string, optional, default `disabled`. Allowed values are `disabled`, `configuration`, `oauth`.
-* `allow_read_only` - allow requesting read only pages without authorization, boolean, required.
 * `client_id` - OAuth2 application client ID, string, required in case if `oauth` is used.
 * `client_secret` - OAuth2 application client secret key, string, required in case if `oauth` is used.
 * `max_age` - parameter which controls both cookie expiration and token expiration inside the service, integer, optional, default is 7 days.
 * `oauth_provider` - OAuth2 provider class name as is in `aioauth-client` (e.g. `GoogleClient`, `GithubClient` etc), string, required in case if `oauth` is used.
 * `oauth_scopes` - scopes list for OAuth2 provider, which will allow retrieving user email (which is used for checking user permissions), e.g. `https://www.googleapis.com/auth/userinfo.email` for `GoogleClient` or `user:email` for `GithubClient`, space separated list of strings, required in case if `oauth` is used.
+* `safe_build_status` - allow requesting status page without authorization, boolean, required.
 * `salt` - password hash salt, string, required in case if authorization enabled (automatically generated by `create-user` subcommand).

 ## `auth:*` groups