Hi All,
We would like to protect our repo and addons hosted in that repo so that only certain users can download it.
The challenge we are facing is suppose a person finds out about our Repo URL, he can then download the addon zips from our server. Ideally, I would like to prevent this behavior, so that only authorized users can download from that link.
We could use a form a basic HTTP authentication to protect the entire web directory, but then does Kodi support it?
Other ways to do it would be to have a custom addon that manages checking the versions with the server, and download addons as required.
Wondering if there is a simple way of doing this.
Thanks in advance!
Ashish
An Update.
Tried using HTTP Basic Authentication.
Steps:
1. Protected my web folder with HTTP basic authentication
2. In Repo Addon, tried putting authentication details directly in the URLs
Meaning,
Code:
<extension point="xbmc.addon.repository" name="My Repository">
<info compressed="false">https://username:[email protected]/repo/addons.xml</info>
<checksum>https://username:[email protected]/repo/addons.xml.md5</checksum>
<datadir zip="true">https://username:[email protected]/repo/zips</datadir>
</extension>
Now Kodi refuses to install this repo addon using the Install from Zip file method.
As soon as you remove the username:password, it allows it to install.
But now, it can't fetch repository details from the web server as the directory is protected.
Seems HTTP Basic authentication is out of the question here. It's silly though, because Kodi supports all forms of authentications for Media URLs as said
here
Any idea on how to get this done?
Did you ever find a solution to this? I'm trying to do something similar.
Hey,
No simple solution here.
I got around this by editing Kodi source, and tying it with my custom authentication logic.
That said, even this is not foolproof, at best, it might deter non power users.
In any case, if the user gets hold of a repository zip, he will be able to install it manually.
The best approach to protect your data is to do it server side. Assume that the repo & the addons cannot be protected. What can be protected is the data being served from your apis.
I suggest you look at that approach if it helps your case.
Ashdin, I apologize, I'm new to this...
So you are saying that the repository cannot be secure, but the addons/builds etc that I link to can be secured via security settings on the server where I am hosting the files. Is that correct?
And if that is what you're saying, if I have security on an addon that require username/password to access, would kodi prompt for this so that the intended user can gain access?
Thanks,
Steve
There is always a way use:
*.repo.yourdomain.com that uses the same virtualhost.
Instead the xml file use a script (you have to set xml as php type ) that checks the token and output the xml.
So an user gets an token lets say afk799fm. He enters the repo afk799fm.repo.yourdomain.com.
Gesendet von meinem SM-G955F mit Tapatalk