~Green Forum

alexlehm wrote: wouldn't that be a good application for the oauth-proxy tool?

uploads.tilde.green/external-upload

<user>-ctokens-<token-reference>

alexlehm wrote: ↑Wed Oct 02, 2024 5:39 pm nullpointer/api token:

I believe the problem with tokens being shared is usually handled by renewing the token in an interval like 1 hour, but that is not a good thing when you use scripts, e.g. I might just use curl to upload to nullpointer and add the token and that would require more code to renew. When using a HTTPS POST with the API key, I assume its workable. But it might be worth to look into other options, I believe there is a tool for oauth key management that you can use in a shell script (for github, not sure if that works with other tools)

alexlehm wrote: ↑Wed Oct 02, 2024 5:39 pm pistransfer:

I have not looked enough into the tool to say anything more about it, I will try to do a demo install on my host

alexlehm wrote: ↑Wed Oct 02, 2024 5:39 pm pingvin:

Pingvin should work with TGCI out of the box since it has a SSO integration, the author has their own mini-SSO provider that one can use for a specific use with Passkeys, I am pretty sure that it will work with out Keycloak as well

If we want to limit features we could e.g. make the maximum keep time to a shorter interval like 7 days and maybe disable the reverse share feature

jmjl wrote: ↑Wed Oct 02, 2024 6:03 pm

alexlehm wrote: ↑Wed Oct 02, 2024 5:39 pm pingvin:

Pingvin should work with TGCI out of the box since it has a SSO integration, the author has their own mini-SSO provider that one can use for a specific use with Passkeys, I am pretty sure that it will work with out Keycloak as well

If we want to limit features we could e.g. make the maximum keep time to a shorter interval like 7 days and maybe disable the reverse share feature

Yeah I guess.
I kind of like the reverse share feature idea, but don't know if when you configure pingvin with a SSO provider you're able to have it such that the user who gave the URL to reverse shre with you doesn't need to login, and also I assume it allows to be configured so that guests (non-logged in users) can't upload right?

alexlehm wrote: ↑Wed Oct 02, 2024 6:12 pm I think pingvin share has no guest access at all and the reverse share links are open to people who have received the link for a single share (or for the time it is open), so that you will end up with a share url that is known to the guest you invited and yourself, the reverse share can also be password protected

alexlehm wrote: ↑Wed Oct 02, 2024 6:12 pm I assume this is convenient if you have people at a family meeting who want to send photos back to the person who collects them

jmjl wrote: ↑Wed Oct 02, 2024 6:18 pm Oh, that's great then, I'm more likely to tend to choose pingvin now
By "the time it's open", you mean that you could create a reverse share link that allows anybody to upload until you disable it, or you still are setting a time limit, even if it's for 9999-12-31.

jmjl wrote: ↑Wed Oct 02, 2024 6:18 pm Yes, this is convenient, and I think might be easier on the users than having to interact with the NextCloud upload thing, which means I later have to download of off NC, to make my own targz and zip of everything as part of the photo collection part of the distribution.

alexlehm wrote: ↑Wed Oct 02, 2024 6:30 pm

jmjl wrote: ↑Wed Oct 02, 2024 6:18 pm Oh, that's great then, I'm more likely to tend to choose pingvin now
By "the time it's open", you mean that you could create a reverse share link that allows anybody to upload until you disable it, or you still are setting a time limit, even if it's for 9999-12-31.

The reverse share can be active for a number of days and is also limited to a number of shares, so you can say 7 days and 10 shares or so
the maximum time is be days to years

alexlehm wrote: ↑Wed Oct 02, 2024 6:30 pm

jmjl wrote: ↑Wed Oct 02, 2024 6:18 pm Yes, this is convenient, and I think might be easier on the users than having to interact with the NextCloud upload thing, which means I later have to download of off NC, to make my own targz and zip of everything as part of the photo collection part of the distribution.

My wife has used Jumpshare in the past for family photos and more recently used something which I cannot think of right now, maybe just Google Drive

jmjl wrote: ↑Wed Oct 02, 2024 7:14 pm I'd rather use self-hosted image sharing, but maybe I'll host a private pixelfed for my family, that would probably be hosted at a iwnp.org subdomain, and with some kind of auth being required.
If I decide to host it, it'll be hosted on my laptop rather than on ~green, and have the ssl offered by my laptop, which means having to run lego on it, since I'd rather get the ssl not be shared to tilde.green if it's going to be private (this means nginx will probably no longer run on :443, and be with haproxy, but not sure yet on what I'll do. Yes I know the sub-domain would be public, or at least the existence of a *.iwnp.org cert because of certificate transparency logs.



Maybe hosting a pixelfed instance where tilde.green users are able to sign up is a good idea?, not sure yet.

alexlehm wrote: ↑Wed Oct 02, 2024 7:24 pm

jmjl wrote: ↑Wed Oct 02, 2024 7:14 pm Maybe hosting a pixelfed instance where tilde.green users are able to sign up is a good idea?, not sure yet.

I really like Pixelfed, I use that as my Instagram replacement (on sdf.org), there is also a more privacy-oriented thing that someone mentioned, like a private file share group geared towards family groups.
(cannot think of the name right now, i will search through my links)