I am looking for a guide on how to serve files on gemini to specific users / behind a password. Any links to some guide where it is explained in detail?

=> Posted in: s/Gemini | 🚀 LucasMW

2024-10-27 · 3 months ago

8 Comments ↓

=> 💎 pista · Oct 27 at 23:00:

Gemini only has one input and no cookies. The most you could do is prompt a user for a password, and return data if the password matches.

But thats gone as soon as you use it.

You are better off using user-generated certs as this is the only method of identifying users in Gemini across visits.

Every single file would have to be a CGI that checks the user's cert to see if it's in the allowed list before writing the file to text or octet-stream.

=> 🚀 LucasMW [OP] · Oct 27 at 23:06:

I actually am not aiming to build an application. It could be a hardcoded cert, for all I care. How can I do it?

=> 🍀 gritty · Oct 27 at 23:55:

See section three for a couple examples.

=> — Examples

=> 🦂 zzo38 · Oct 28 at 00:01:

Another alternative way would be to make a secret file name, so that you can only access the file if you know the file name. This avoids needing CGI, although you will have to disable directory listing.

=> 🚀 stack · Oct 28 at 00:25:

If you have access to CGI, check for the users certificate, that guarantees user identity better than passwords. Otherwise a 'secret file' is your only option...

=> 🚀 clseibold · Oct 28 at 01:07:

I'm surprised nobody mentioned @skyjake 's great Gemini App Developers Guide! :D

=> — Gemini App Developer's Guide

=> 🚀 mbays · Oct 28 at 08:51:

The gemini server software Molly Brown has inbuilt support for this. To quote the README:

CertificateZones: In this section of the config file, keys are path regexs and values are lists of hex-encoded SHA256 fingerprints of client certificates. Any requests whose path matches one of the regexs will only be served as normal if the request is made with a client certificate whose fingerprint is in the corresponding list.

=> 🚀 fripster · Oct 29 at 08:16:

poor man's solution: zip the file(s) and encrypt. send password only to user