Add Support for Authenticated Uploads #340

New Issue

michael · 2026-01-19T18:29:57Z

michael commented

2026-01-19 18:29:57 +00:00

Originally created by @Prajjwal on GitHub.

In most personal use scenarios, the user wants to lock down upload access to the server. I can't find anything in your README that talks about authentication. It is a matter of adding a single access_token to each POST request. Any plans for something like this?

Originally created by @Prajjwal on GitHub. In most personal use scenarios, the user wants to lock down upload access to the server. I can't find anything in your `README` that talks about authentication. It is a matter of adding a single `access_token` to each POST request. Any plans for something like this?

michael closed this issue

2026-01-19 18:29:57 +00:00

michael commented

2026-01-19 18:29:57 +00:00

@kamaln7 commented on GitHub:

I can take a stab at implementing something like this. Either pass an "Authentication" header with the key or just a regular parameter. @dutchcoders—is that alright?

@kamaln7 commented on GitHub: I can take a stab at implementing something like this. Either pass an "Authentication" header with the key or just a regular parameter. @dutchcoders—is that alright?

michael commented

2026-01-19 18:29:57 +00:00

@Prajjwal commented on GitHub:

@nl5887 I've implemented this. Care to take a look?

@Prajjwal commented on GitHub: @nl5887 I've implemented this. Care to take a look?

michael commented

2026-01-19 18:29:57 +00:00

@Prajjwal commented on GitHub:

@techburgher I've already implemented authentication with auth headers in #105. Hasn't been merged in yet, though. You might want to take a look at it.

@Prajjwal commented on GitHub: @techburgher I've already implemented authentication with auth headers in #105. Hasn't been merged in yet, though. You might want to take a look at it.

michael commented

2026-01-19 18:29:57 +00:00

@techburgher commented on GitHub:

Here's a BasicAuth "hack", if anyone is interested:

func LoveHandler(h http.Handler) http.HandlerFunc {
        return func(w http.ResponseWriter, r *http.Request) {
                w.Header().Set("Server", "My HTTP Server 1.0")

                w.Header().Set("WWW-Authenticate", `Basic realm="Restricted"`)

                username, password, authOK := r.BasicAuth()
                if authOK == false {
                        http.Error(w, "Not authorized", 401)
                        return
                }

                if username != "myusername" || password != "mypassword" {
                        http.Error(w, "Not authorized", 401)
                        return
                }

                h.ServeHTTP(w, r)
        }
}

@techburgher commented on GitHub: Here's a BasicAuth "hack", if anyone is interested: ``` func LoveHandler(h http.Handler) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { w.Header().Set("Server", "My HTTP Server 1.0") w.Header().Set("WWW-Authenticate", `Basic realm="Restricted"`) username, password, authOK := r.BasicAuth() if authOK == false { http.Error(w, "Not authorized", 401) return } if username != "myusername" || password != "mypassword" { http.Error(w, "Not authorized", 401) return } h.ServeHTTP(w, r) } } ```

michael commented

2026-01-19 18:29:57 +00:00

@techburgher commented on GitHub:

It would be nicer, for me, if there were a password prompt when accessing the web site itself, and not simply passed via an extra header.

@techburgher commented on GitHub: It would be nicer, for me, if there were a password prompt when accessing the web site itself, and not simply passed via an extra header.

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: dutchcoders/transfer.sh#340