[GH-ISSUE #99] Multi user, let not delete anyone other files #297

Open
opened 2026-03-15 02:54:24 +03:00 by kerem · 7 comments
Originally created by @scriptzteam on GitHub (Jan 28, 2017).
Original GitHub issue: https://github.com/asapach/peerflix-server/issues/99

For example, if I share the URL, anyone can delete or stop my torrents. Is there any way to create per user or IP or session ID like http://someip.org:9000/#session_id/ so only those with the session ID can manage and see their torrents?

THX!


@asapach commented on GitHub (Jan 29, 2017):

I feel like user management, authentication, authorization, etc. is beyond the scope of this project. You can try setting up a reverse proxy (like nginx) in front of the server to handle auth and sessions.


@scriptzteam commented on GitHub (Feb 4, 2017):

No, no, I mean like an IP-based check or session check maybe?


@asapach commented on GitHub (Feb 4, 2017):

Session requires authentication, which in turn requires user management, etc. See the discussion in #77


@asapach commented on GitHub (Feb 4, 2017):

Oh and if you want IP-based security, you can either set up [your firewall](http://unix.stackexchange.com/questions/11851/iptables-allow-certain-ips-and-block-all-other-connection) or configure a reverse proxy: [Apache](https://httpd.apache.org/docs/current/howto/access.html) or [nginx](http://nginx.org/en/docs/http/ngx_http_access_module.html)

@ViperCode7 commented on GitHub (Dec 22, 2017):

I have to agree.... the most that bothers me is when some nut job deletes all torrents so he can add his.

What scriptzteam wants is a session based authorization scheme. For instance when a user accesses the site for the first time he gets a session ID based on a hash of his IP and some salt, unix time etc. Adding a torrent will be marked as removable only by that session ID, a timeout of hours or days (if there's already one implemented) or by the owner of the site.

What you've suggested doesn't hinder anyone from removing the torrents. What we want is to separate superuser rights on what we add vs other users. I should not be able to remove someone else's torrents, nor should he mine.

It's a pretty simple, yet elegant way of giving each user rights without the hassle of user management.
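
Added example, not part of the thread or of peerflix-server's code: a sketch of the per-session ownership check described in the comment above, using only Node's built-in `crypto`. It assumes a random, HMAC-signed session token instead of an IP hash (clients behind one NAT share an IP), and the names `issueSession`, `verifySession`, `addTorrent`, `removeTorrent`, the `isAdmin` flag and the 24-hour lifetime are all hypothetical.

```javascript
const crypto = require('crypto');

const SECRET = crypto.randomBytes(32);      // server-side signing key (constructed per process)
const SESSION_TTL_MS = 24 * 60 * 60 * 1000; // assumed session lifetime ("hours or days")
const owners = new Map();                   // infoHash -> session id that added the torrent

function sign(data) {
  return crypto.createHmac('sha256', SECRET).update(data).digest('hex');
}

// Issue a token "id.expiry.mac". The id is random, not derived from the IP,
// so two visitors behind the same NAT never end up with the same identity.
function issueSession(now = Date.now()) {
  const id = crypto.randomBytes(16).toString('hex');
  const expires = now + SESSION_TTL_MS;
  return `${id}.${expires}.${sign(`${id}.${expires}`)}`;
}

// Return the session id if the token is authentic and unexpired, else null.
function verifySession(token, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [id, expires, mac] = parts;
  const expected = Buffer.from(sign(`${id}.${expires}`));
  const given = Buffer.from(mac);
  // Constant-time comparison; the length check avoids timingSafeEqual throwing.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  return Number(expires) > now ? id : null;
}

// Record the first valid session that adds a torrent as its owner.
function addTorrent(token, infoHash) {
  const id = verifySession(token);
  if (!id) return false;
  if (!owners.has(infoHash)) owners.set(infoHash, id);
  return true;
}

// Only the session that added the torrent, or the site owner, may remove it.
// isAdmin is assumed to be decided elsewhere (e.g. auth at a reverse proxy).
function removeTorrent(token, infoHash, { isAdmin = false } = {}) {
  const id = verifySession(token);
  if (!owners.has(infoHash)) return false;
  if (!isAdmin && owners.get(infoHash) !== id) return false;
  return owners.delete(infoHash);
}
```

The token would normally travel in an `HttpOnly` cookie rather than in the URL fragment, so that sharing the page link does not share the right to delete.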


@scriptzteam commented on GitHub (Dec 29, 2017):

torx.cat works this way ;)


@ViperCode7 commented on GitHub (Jan 6, 2018):

When it works... for me it doesn't and peerflix-server is more popular, way way more sites with it.
