Please provide a working example of tiddlyserver settings.json with multiple directories and authentication?

[Donald Coates]

I cannot seem to wrap my head around how to set this up.  here is what I have so far:

{

  "tree": {
    "tiddlywiki": "../work",
    "personal": "../personal"
  },


  "authAccounts": {
    "mainuser": {
      "clientKeys": {
        "username": { "publicKey": "code-entered-from-terminal", "cookieSalt": "salt" }
      },
      "permissions": {
        "mkdir": true,
        "putsaver": true,
        "registerNotice": true,
        "upload": true,
        "websockets": true,
        "writeErrors": true,
        "loginlink": true,
        "transfer": true
      }
    }
  },

  "bindInfo": {
    "bindAddress": ["0.0.0.0"]
  },

  "$schema": "./settings-2-1.schema.json"
}

I have a tiddlywiki.info file in 'work' and a few files in 'personal'.  The server starts and I am able to see and access the directories.  However I cannot save the wiki and I have unrestricted access to the personal directory whether I log in or not.

I assume the answer lies in the 'tree' section but I can't for the life of me understand what that is saying in the docs.

[Donald Coates]

It seems part of the problem was that I was accessing the server only from localhost which by default gives all permissions.  I spun up a docker container and accessed from outside and authorization worked.  The 'personal' folder gave no ability to upload without a login.  The wiki lives in 'work' directory and I added a datafolder section to the settings file to make that read only. 

It's possible the username and password pairs are not needed in the data folder I'm still playing around.  Notice that I added a 'transfer: true' in the authAccounts - permissions values.  This is not shown in the example in the TiddlyServer docs.

If anyone has suggestions about how to make authorization specific to a directory I would appreciate it.  The 'tree' section in the Tiddlyserver makes no sense to me when it gets to the options section and breaks out into an xml example.

Here is the settings.json I ended up with:

{

  "tree": {
    "tiddlywiki": "../work",
    "personal": "../personal"
  },


  "authAccounts": {
    "mainuser": {
      "clientKeys": {

        "username": { "publicKey": "base64-copied-from-terminal", "cookieSalt": "salt" }

      },
      "permissions": {
        "mkdir": true,
        "putsaver": true,
        "registerNotice": true,
        "upload": true,
        "websockets": true,
        "writeErrors": true,
        "loginlink": true,
        "transfer": true
      }
    }
  },

  "bindInfo": {
    "bindAddress": ["0.0.0.0"],

    "localAddressPermissions": {
      "*": {
        "putsaver": false,
        "writeErrors": false,
        "upload": false,
        "mkdir": false,
        "websockets": false,
        "registerNotice": true,
        "loginlink":true
        }
    }
  },

  "datafolder": {
    "readers": "(anon)",
    "username": "joe",
    "password": "password"
  },

  "$schema": "./settings-2-1.schema.json"
}

[Donald Coates]

From what I can tell by messing around - the username and password (in non base64 format) in the datafolder section need to be the same as the user signing in as designated in the authAccounts section in order to have a read only wiki that you sign can sign into from outside localhost.

Happy Hacking ya'll!

Again, if anyone can help me make sense of this section in the TiddlyServer docs, especially the auth option and how it would look in the settings.json file, I would really appreciate it:

https://arlen22.github.io/tiddlyserver/docs/serverconfig.html#option-element-types

[Scott Kingery]

I'm still working on getting authentication working. Have you succeeded in getting things working without authentication? I'd do that first to be sure you are serving files as expected.

Without authentication, my settings.json file looks like:

{
 "tree": "D:/Dropbox/tw",
 "bindInfo": {"http": "./https.js", "port": 8081, "bindWildcard": false, "bindAddress": ["127.0.0.1"]},
 "putsaver": {"backupFolder": "./backups"},
 "$schema": "./settings-2-1.schema.json"
}

That's if you just want to bind to your local network card and run the server local using http://localhost:8081/.

If you want to run it on your pc yet connect to it from anywhere in your network then you need wildcard binding like these next settings. This one is also for HTTPS which takes even more set up because you need certificates so, while it is less secure, you could drop the "s" until you get things going.

{
 "tree": "D:/Dropbox/tw",
 "bindInfo": {"https": "./https.js", "port": 8081, "bindWildcard": true},
 "putsaver": {"backupFolder": "./backups"},
 "$schema": "./settings-2-1.schema.json"
}

Get all that working then you can start building that authentication pieces. I'm still working that out but I believe once you get the above working you next start the authentication piece by going to http://localhost:8081/admin/authenticate/login.html  and you'll be prompted with a username and password field. Just try it with whatever user name and password you'll be using later. It will fail but on the tiddlyserver console you'll see something like:

    login attempted with unknown public key
    M2Kl7Fp9KetobcSwA491fmmZkecXhUYH-omojNehImQ
    username: skingery
    timestamp: 2020-01-13T05:36:50.662Z

Given those results you then build out the client key section of settings.json like:

      "clientKeys": {
        "skingery": { "publicKey": "M2Kl7Fp9KetobcSwA491fmmZkecXhUYH-omojNehImQ", "cookieSalt": "1024" }

      },

That's about as far as I've gotten on the authentication side so I look forward to hearing from others.

[Donald Coates]

Scott thank you so much taking the time to reply.  The thread is a little confusing since the first three posts are me talking to myself.  The second settings.json actually works.  The problem I was having in the beginning was I was accessing the server from localhost which is by default given all permissions so authorization didn't seem to be working.

I have put the tiddlyserver on a vps and am running it in docker and authorization of both directories and tiddlywikis seems to be working fine.  My next step is to use nginx to handle https.  I can post what I have that works once I get everything working.

One thing to note is in the authAccounts permissions section there is a hash for transfer: true that is not mentioned in the docs.  Also, I'm not sure but it may be required that a user group is defined.  It seems from the docs that the user group - which is defined as main user in my settings file and 'designgroup' in arlen's example file - is the key and the username:password,salt is the value.

I'm not completely up on the lingo as you might be able to tell so I apologize if I'm using technical terms incorrectly

.

[Arlen Beiler]

Instead of a folder string you use an object containing these properties 

$element: folder

key: optional custom alias (no slashes)

path: the folder string

$options: an array containing putsaver, backup, and auth options objects, as desired. 

Now with that in mind, go to this section. https://arlen22.github.io/tiddlyserver/docs/serverconfig.html#auth-option, which lists the properties for each of those options objects. Only the $elements property is required, but the defaults are not specified, except in the source code. 

I apologise for the confusion I created with that XML. I will remove it and make that section clearer when I have time. 

--
You received this message because you are subscribed to the Google Groups "TiddlyWiki" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tiddlywiki+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/tiddlywiki/359fc795-e8ff-497c-b25e-63e423d0cce2%40googlegroups.com.

[Arlen Beiler]

By $element: folder, I mean the literal string "folder". 

[Arlen Beiler]

I'm sorry I'm not able to address this more thoroughly. I'm in the middle of another project at the moment. I'm hoping to get back to TiddlyServer in a few weeks. 

One more thing, the options apply to all child folders as well. Also, the same thing applies to groups, and a child group or folder will inherit the parents properties unless it also has an options objects. In that case, each property normally overrides the one above it, and inherits any not specified. 

[Donald Coates]

Thank you so much for your reply and your work on tiddlyserver.  I am truly enjoying playing around with it even when the enjoying might sound a bit like my son playing Call of Duty. I will take some time with your suggestions.

I know it is incredibly difficult to make something you know so intimately easy to understand for someone on the outside of the project.  I appreciate the effort!!!!

Good luck with your current project and thank you again for your work.  I like TiddlyServer's features a lot and look forward to what's ahead.

To unsubscribe from this group and stop receiving emails from it, send an email to tiddl...@googlegroups.com.