๐พ Archived View for bbs.geminispace.org โบ s โบ Gemini โบ 21268 captured on 2024-12-17 at 15:10:38. Gemini links have been rewritten to link to archived content
-=-=-=-=-=-=-
I am looking for a guide on how to serve files on gemini to specific users / behind a password. Any links to some guide where it is explained in detail?
Oct 27 ยท 7 weeks ago
๐ธ HanzBrix ยท Oct 27 at 22:55:
I think you may have to build a script for that and I think you should use certs, not a password.
๐ pista ยท Oct 27 at 23:00:
Gemini only has one input and no cookies. The most you could do is prompt a user for a password, and return data if the password matches.
But thats gone as soon as you use it.
You are better off using user-generated certs as this is the only method of identifying users in Gemini across visits.
Every single file would have to be a CGI that checks the user's cert to see if it's in the allowed list before writing the file to text or octet-stream.
๐ LucasMW [OP] ยท Oct 27 at 23:06:
I actually am not aiming to build an application. It could be a hardcoded cert, for all I care. How can I do it?
๐ gritty ยท Oct 27 at 23:55:
See section three for a couple examples.
๐ฆ zzo38 ยท Oct 28 at 00:01:
Another alternative way would be to make a secret file name, so that you can only access the file if you know the file name. This avoids needing CGI, although you will have to disable directory listing.
๐ stack ยท Oct 28 at 00:25:
If you have access to CGI, check for the users certificate, that guarantees user identity better than passwords. Otherwise a 'secret file' is your only option...
๐ clseibold ยท Oct 28 at 01:07:
I'm surprised nobody mentioned @skyjake 's great Gemini App Developers Guide! :D
โ Gemini App Developer's Guide
๐ mbays ยท Oct 28 at 08:51:
The gemini server software Molly Brown has inbuilt support for this. To quote the README:
`CertificateZones`: In this section of the config file, keys are path regexs and values are lists of hex-encoded SHA256 fingerprints of client certificates. Any requests whose path matches one of the regexs will only be served as normal if the request is made with a client certificate whose fingerprint is in the corresponding list.
๐ fripster ยท Oct 29 at 08:16:
poor man's solution: zip the file(s) and encrypt. send password only to user