sjg/trx-rs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0b7158f465cdd515abe272bffdbbdbacc370b04c
trx-rs/trx-client.toml.example
T
sjg 65e1073ea0 [feat](trx-frontend-http): complete HTTP authentication implementation (phases 4-5) 
Phase 4: Frontend login gate and role-based UI
- Add auth-gate HTML overlay with passphrase form
- Implement checkAuthStatus, authLogin, authLogout functions
- Auth startup sequence checks /auth/session before connecting
- Apply role-based restrictions: hide PTT/TX controls for rx role
- Handle 401/403 errors in postPath, return to login screen
- Add logout button in About tab with auth role display
- Passphrase form shows generic error messages (no info leakage)

Phase 5: Documentation
- Update trx-client.toml.example with [frontends.http.auth] section
  - All config fields with inline documentation and examples
  - security notes about cookie settings
- Update README.md with HTTP Frontend Authentication section
  - Role model explanation (rx vs control)
  - Configuration example
  - Security considerations for local, LAN, and remote deployments
  - Architecture overview

UI Features:
- Login gate blocks main UI until authenticated
- Role badge shows authenticated status in About tab
- Error messages clear after 5 seconds
- Logout confirmation prevents accidental logouts
- Smooth transition from auth gate to main UI

All code compiles successfully. HTTP frontend build verified.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Stanislaw Grams <stanislawgrams@gmail.com>
2026-02-13 08:18:49 +01:00

97 lines
2.7 KiB
TOML
Raw Blame History

# trx-client Configuration File
#
# Copy this file to one of:
# ./trx-client.toml (current directory)
# ~/.config/trx-rs/client.toml (user config)
# /etc/trx-rs/client.toml (system-wide)
#
# Or specify a custom path with: trx-client --config /path/to/config.toml
#
# CLI arguments override config file values.
[general]
# Callsign or station identifier displayed in frontends
callsign = "N0CALL"
# Log level: trace, debug, info, warn, error
# log_level = "info"
[remote]
# Remote trx-server URL (host:port)
url = "192.168.1.100:9000"
# Poll interval in milliseconds
poll_interval_ms = 750
[remote.auth]
# Bearer token for authenticating with the remote server
token = "my-token"
[frontends.http]
# Enable HTTP/REST frontend with SSE for real-time updates
enabled = true
listen = "127.0.0.1"
port = 8080
[frontends.http.auth]
# Optional passphrase-based authentication for the HTTP frontend
# Disabled by default to preserve backward compatibility
# Enable authentication (default: false)
enabled = false
# Read-only passphrase: grants access to status/events/audio (rx role)
# Leave unset to disable rx access
# rx_passphrase = "rx-only-passphrase"
# Full control passphrase: grants access to all endpoints including TX/PTT (control role)
# Leave unset to disable control access
# control_passphrase = "full-control-passphrase"
# Enforce TX/PTT access control (default: true)
# When true, TX/PTT endpoints return 404 to authenticated users without control role
tx_access_control_enabled = true
# Session time-to-live in minutes (default: 480 = 8 hours)
session_ttl_min = 480
# Set Secure flag on session cookie (default: false)
# Should be true if served over HTTPS; false for HTTP/localhost
cookie_secure = false
# Cookie SameSite attribute: Strict, Lax (default), or None
# Lax is a good balance between security and usability
cookie_same_site = "Lax"
[frontends.rigctl]
# Enable rigctl-compatible TCP interface (hamlib compatible)
enabled = false
listen = "127.0.0.1"
port = 4532
[frontends.http_json]
# Enable JSON-over-TCP control interface
enabled = true
listen = "127.0.0.1"
# Set to 0 to bind an ephemeral port
port = 0
# List of accepted bearer tokens (empty = no auth)
# auth.tokens = ["example-token"]
[frontends.audio]
# Enable remote audio stream and decode transport
enabled = true
# Remote trx-server audio port
server_port = 4533
[frontends.audio.bridge]
# Enable local cpal bridge for WSJT-X virtual audio routing
enabled = false
# Optional exact output device name for RX playback
# rx_output_device = "BlackHole 2ch"
# Optional exact input device name for TX capture
# tx_input_device = "BlackHole 2ch"
# Playback/capture gain multipliers
rx_gain = 1.0
tx_gain = 1.0
Reference in New Issue View Git Blame Copy Permalink