From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: mail.toke.dk; dkim=pass header.d=irif.fr header.i=@irif.fr header.a=rsa-sha256 header.s=dkim-irif header.b=oYAHDVYI; arc=none (Message is not ARC signed); dmarc=none Received: from korolev.univ-paris7.fr (korolev.univ-paris7.fr [IPv6:2001:660:3301:8000::1:2]) by mail.toke.dk (Postfix) with ESMTPS id 1DF6513226A5 for ; Sat, 11 Jul 2026 12:50:19 +0200 (CEST) Received: from mailhub.math.univ-paris-diderot.fr (mailhub.math.univ-paris-diderot.fr [81.194.30.253]) by korolev.univ-paris7.fr (8.14.4/8.14.4/relay1/82085) with ESMTP id 66BAoH3F015549; Sat, 11 Jul 2026 12:50:17 +0200 Received: from mailhub.math.univ-paris-diderot.fr (unknown [127.0.0.1]) by mailhub.math.univ-paris-diderot.fr (Postfix) with ESMTP id 4AD833B9F7; Sat, 11 Jul 2026 12:50:17 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=irif.fr; h= content-transfer-encoding:content-type:content-type:mime-version :user-agent:references:in-reply-to:subject:subject:from:from :message-id:date:date:received:received; s=dkim-irif; t= 1783767015; x=1784631016; bh=JQJpcb1rIBIjy1H1TdzeP2M7cQYQoY5irEm wKlKl7CI=; b=oYAHDVYI6l4YaV0LiUCgIXsX+CfPkV93pRqv6kncCdQgU8uIJ1n B74FrDVWi9pqBhHL9MUHAGW4Qubh+sYGS18ZCGbH2LCWjqIL+k0wrKO26dO5hBDw icHtiAGplrbg8WV3+6UXsK2ZP7NI4PhoWzUJK3yuOHVkTLMeHH3E1WfngEKvo/qi MnRDnOUAqeBxshaF/ht79pPMND0tsrtB/ICxGLhA3iTpA7uVgJrLxSCUYaU0Kbqm qxe/LQJXmDzgczufkLmBjSyt6bKlusEgxmTubQRAVKLUN+F4G62meNtyxF/kL9NJ UB7tpIs6LuOv5XTWyLP2nsgvxs7hwCAgfcg== X-Virus-Scanned: amavisd-new at math.univ-paris-diderot.fr Received: from mailhub.math.univ-paris-diderot.fr ([127.0.0.1]) by mailhub.math.univ-paris-diderot.fr (mailhub.math.univ-paris-diderot.fr [127.0.0.1]) (amavisd-new, port 10023) with ESMTP id xdWw7JhFDNFm; Sat, 11 Jul 2026 12:50:15 +0200 (CEST) Received: from trurl.irif.fr (unknown [82.64.191.149]) (Authenticated sender: jch) by mailhub.math.univ-paris-diderot.fr (Postfix) with ESMTPSA id D035C3BAE2; Sat, 11 Jul 2026 12:50:15 +0200 (CEST) Date: Sat, 11 Jul 2026 12:50:15 +0200 Message-ID: <87se5ppzq0.wl-jch@irif.fr> From: Juliusz Chroboczek To: =?ISO-8859-1?Q?Timoth=E9e?= Jaussoin Cc: galene@lists.galene.org In-Reply-To: References: User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/30.2 Mule/6.0 MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue") Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.7 (korolev.univ-paris7.fr [194.254.61.138]); Sat, 11 Jul 2026 12:50:17 +0200 (CEST) X-Miltered: at korolev with ID 6A521FE9.000 by Joe's j-chkmail (http : // j-chkmail dot ensmp dot fr)! X-j-chkmail-Enveloppe: 6A521FE9.000 from mailhub.math.univ-paris-diderot.fr/mailhub.math.univ-paris-diderot.fr/null/mailhub.math.univ-paris-diderot.fr/ X-j-chkmail-Score: MSGID : 6A521FE9.000 on korolev.univ-paris7.fr : j-chkmail score : . : R=. U=. O=. B=0.000 -> S=0.000 X-j-chkmail-Status: Ham Message-ID-Hash: J536JNWAP4S6EJPJXPBVWE2YTBL66DIX X-Message-ID-Hash: J536JNWAP4S6EJPJXPBVWE2YTBL66DIX X-MailFrom: jch@irif.fr X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list Subject: [Galene] Re: Galene HTTP API error and various feedback List-Id: =?utf-8?q?Gal=C3=A8ne_videoconferencing_server_discussion_list?= Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Hello Thimoth=E9e, nice to meet you. > 1. Its not written in the documentation that the API authentication is > actually using Basic Auth, its a small thing but I had to dive in into > galenectl code to understand that Thanks, I'll fix that at the next opportunity. > 2. I'd really like to be able to directly pass the admin-username and > admin-password or directly an admin-api-key when launching ./galene, this > will allow projects that wraps Galene like mine to not have to deal with > galenectl and its custom file and generate a random username/password or > api-key each time galene is launched. That's something you could easily script: #!/bin/sh set -e umask 0077 pw=3D"$(dd if=3D/dev/random bs=3D8 count=3D1 | base64)" sed "s/@PASSWORD@/$pw/" < /etc/galene.conf.template > /tmp/galene.conf galene -c /tmp/galene.conf So I'm not too keen to add code that I'm going to have to maintain forever just to avoid a few lines of shell. Is there any reason why you need this to be done within the server itsef? > 3. For projects that wrap Galene it would also be interesting if the API > calls and open Websockets requests could be restricted to the local > machine only (to prevent so security issues if the API is unfortunatelly > exposed publicly). That's a good idea. Could you please file a github issue? > 4. I'm not there yet but it seems that each "user" have to create > a dedicated Websocket (see > https://galene.org/galene-protocol.html#connecting) when wrapping Galene > server side. This means that the wrapper will have to maintain dozens of > Websockets. Would it be possible to provide a "admin" Websocket where all > the messages are sent through it (with a specific user id to differenciate > them) ? It's a lot of work, and will require some protocol changes. It is planned to do that when (if?) I implement server federation. Could you please describe exactly what you're doing, so I can think about it some more? -- Juliusz