Basic auth flow

[msujew]

Implements a basic auth flow. Shows a login page when the server has been started with --password=<password>. Inserting the correct password redirects to the application, while a wrong password brings the user back to the login.

[akosyakov]

One more thing basic oauth should not be contributed to server.main.ts, only via server.ts. We are not going to use it in Gitpod and should not have unnecesray deps then.

[msujew]

@akosyakov Auth is now separate from the main implementation. Care to take another look? Also removed all additional dependencies.

[akosyakov]

Can we revert to minimal change? I cannot really understand what was changed in server.main.ts.

The PR should be:

• introduce a needed callback in server.main.ts
• implement rest in server.ts
• add login page

There is no need for unnecessary refactoring and so on.

[akosyakov]

Web sockets are not secured.

[akosyakov]

@msujew Could you rebase please? Some minor comments:

• for login screen can we center it, i.e like on google.com and add a comment about the password in server terminal?
• there is no way to fix pop up on first reload about the form fields, do you know the reason?

[msujew]

there is no way to fix pop up on first reload about the form fields, do you know the reason?

Well, the alternative would be the redirect. I don't think there's a way around that, as that's something implemented by the browser, not by us.

[akosyakov]

We discussed it and decided to put it on hold, try without built-in auth for now. Please don't feel discouraged, contribution is good!

[rob-64]

I was able to accomplish this with a Caddy reverse proxy in front and basic auth there.

[akosyakov]

I'm closing it. The goal of the project just to provide easy to maintain open source server. Integration issues should be resolved by adopters or end users.

That said, it does not mean that there could not be guides showing how to securely setup the server. Anyone is welcomed to contribute them.