Connectable user ACL in domain-server


#1

In the past couple of days we’ve added a new feature that lets you control which users can connect to your domain-server.

It is found in the security section of your domain-server settings. If you’re running a domain-server on your local machine you can get to your domain-server settings at http://localhost:40100/settings.

The ‘Allowed Users’ section is a table that you can add and remove usernames to. If there is at least one username in the table only the users listed in the table will be allowed to connect to your domain. If there are no usernames in the table all users are allowed to connect. No matter the settings in the table you will always be able to connect to your domain-server from an Interface client running on the same machine.

The works using an RSA 2048-bit keypair that each user’s Interface client generates for them automatically. The private key is not shared and is stored locally on your machine, the public key is uploaded to data.highfidelity.io and is viewable by any user.

Your interface client signs your username and sends this to the domain-server when it wants to connect. The domain-server then optionally checks this signature using your public key to verify if you are the user you say you are and you should be allowed into the domain.

You may run into issues if you use Interface on multiple computers. For now simply log out and log back in when you switch computers so that your public key is up to date in your account. I am currently working on a fix for this.