The problem I see is that one can only set open_registration to true, otherwise nobody can register.
On the other hand, this also means the entire world can use my server (if the address is known).
Currently I have to set open_registration to true, restart the server, tell a friend that they can register, get a ping from a friend that they have registered, set open_registration to false, and restart the server again. Wash, rinse, repeat.
It would be nice to be able to provision users. There are certainly workflows where I, as the server admin, donāt have to know the password/key.
Do you know what happens with the atuin server process in such a case? Is a normal error thrown or does it panic?
Such a case is not expected and the devs could have decided to panic thereā¦
I thought about that and this means Iād have to give VPN access to anyone that wants to use the atuin server. In theory possible, but could be a hassle as well, depending on the setup. Another problem is that many companies do not allow to use a VPN other than theirs, especially at the same time. So when I were in the office, I wouldnāt be able to sync. In that case having a public server is the only option.
I havenāt really thought about it. Many of my friends like working on the command line so this project would certainly be a nice addition to their daily workflow. I would have just pointed them to my server to register. Currently I can think of around 20 people (but maybe they want to host it themselves). I havenāt found a config paramter to limit the history, e.g. to X months or X unique commands, thus I will have to see how the storage reqs develop. Although it canāt be that much (doing a rough calculation in my head).
When I think a bit harder about it, this might be more of an enterprise feature. I can certainly handle changing the env var for like 20 x2 times. It was just something that came to my mind, when I was thinking about how to set it up and allow my friends to register. But you are right - restarting the server a few times is not such big deal. Itās more the coordinating part that could be tricky, as in āhey, please register NOW and let me know when you are doneā.
I am also more than happy with adding a constraint to the DB table. As long as atuin does not panic because of it, that is.
How about requiring a shared secret - or a way to generate an invite code.
So registration, instead of just open and closed, will have an additional option - by-invite, and the command line on the server will have an option to generate an invite code with an expiration date (or an unlimited one).
This is a very common practice in sharable self-hosted solutions - allowing it to be āopenā to use outside of the LAN/VPN (like on travel) - but also allow friends and family access by being selective.
Of course, any other security - like blocking brute force tactics is on the server admin to setup.
Yep, both worklfows came to mind when I was writing this:
The shared secret one is easier to implement (less code, no database schema changes), the invite code one is rather geared towards enteeprise usage Iād say.
Both are easy to implement though. Iām currently a bit busy, but Iād like to help out when I have a bit more time.