Hi,
I'm currently writing an Haskell library for the Proxmox API, and I want to use it for a few web apps soon.
I'm looking at how to implement the noVNC console, but as I understand it you need to query the link with the PVEAuthCookie cookie set, from the end user. Is that right ?
That's a huge problem, I can't have the user open his developer console, grab the cookie and make other requests for two hours :/
Even having a user with only that rights, that still means one user can get access to some other user's VM. And I really don't want to handle one account per user, that'd be a nightmare to handle.
Is there another solution, or do I have to forget about the console ?
Ideally you'd need something like an API endpoint that would generate a one-time auth cookie usable only for the requested noVNC console, I think.
I guess another solution would be to proxy the connection from the client through the server to the proxmox node, adding the cookie on the server, but I'm not sure how I'd do that, that sounds overly complicated.
I'm currently writing an Haskell library for the Proxmox API, and I want to use it for a few web apps soon.
I'm looking at how to implement the noVNC console, but as I understand it you need to query the link with the PVEAuthCookie cookie set, from the end user. Is that right ?
That's a huge problem, I can't have the user open his developer console, grab the cookie and make other requests for two hours :/
Even having a user with only that rights, that still means one user can get access to some other user's VM. And I really don't want to handle one account per user, that'd be a nightmare to handle.
Is there another solution, or do I have to forget about the console ?
Ideally you'd need something like an API endpoint that would generate a one-time auth cookie usable only for the requested noVNC console, I think.
I guess another solution would be to proxy the connection from the client through the server to the proxmox node, adding the cookie on the server, but I'm not sure how I'd do that, that sounds overly complicated.