I have deployed the linkding service behind a reverse proxy integrated with Authelia. In the current application token authentication model, the base url/api path needs to be bypassed and the token is validated by the linkding service.
Thus the incoming traffic cannot be regulated (to protect against DoS etc).
It would be a network security improvement if the extension alternatively supported login by basic auth (user-password) to satisfy one-factor authentication for extension users. Since the app token is only validated in the linkding backend, the token cannot be used for border authentication.
If the user supplied credentials for single factor authentication, the backend would have to check for presence of logged-in user, e.g. REMOTE_USER header as alternative means to application token in /api handler.
I have deployed the linkding service behind a reverse proxy integrated with Authelia. In the current application token authentication model, the base url/api path needs to be bypassed and the token is validated by the linkding service.
Thus the incoming traffic cannot be regulated (to protect against DoS etc).
It would be a network security improvement if the extension alternatively supported login by basic auth (user-password) to satisfy one-factor authentication for extension users. Since the app token is only validated in the linkding backend, the token cannot be used for border authentication.
If the user supplied credentials for single factor authentication, the backend would have to check for presence of logged-in user, e.g. REMOTE_USER header as alternative means to application token in /api handler.