Added Dockpeek to BigBearCasaOS

Myles · September 18, 2025, 12:13am

Option for Passwordless Login

[Feature Request] Option for Passwordless Login (No Authentication)

opened 01:34AM - 04 Sep 25 UTC

closed 02:06PM - 03 Oct 25 UTC

I'd like to request a feature to allow passwordless login for users who want to …run Dockge without authentication on trusted local networks. ### Use Case: - Home labs and local development environments where security is already handled at the network level - Users who want quick, frictionless access without login prompts - Single-user setups where authentication adds unnecessary complexity ### Proposed Solution: Add an environment variable (e.g., DOCKGE_AUTH=false) that: - Disables the login page entirely - Skips authentication middleware - Directly serves the main dashboard when accessing the web UI ### Example Docker Compose Implementation: ```yaml environment: - DOCKGE_AUTH=false # Disables authentication - DOCKER_HOST: unix:///var/run/docker.sock # Optional: ignored when auth disabled - PASSWORD: admin # Optional: ignored when auth disabled - SECRET_KEY: my_secret_key # Optional: ignored when auth disabled - USERNAME: admin # Optional: ignored when auth disabled ``` ### Code Changes: In `app.py`, add: ```python DISABLE_AUTH = os.environ.get("DOCKGE_AUTH", "true").lower() == "false" ``` Then modify the route handlers to check `DISABLE_AUTH` before requiring authentication. Key routes that would need updates: - / (main dashboard) - /data (API endpoints) - /export/json (export functionality) - /check-updates (update checks) The core authentication logic could be modified to check for the `DOCKGE_AUTH` environment variable. For example, in the main route handler: Current code ([app.py#L520-L526](https://github.com/dockpeek/dockpeek/blob/main/app.py#L520-L526)): #### Proposed modification: ```python @app.route("/") def index(): version = os.environ.get('VERSION', 'dev') if DISABLE_AUTH or current_user.is_authenticated: <--- This line return render_template("index.html", version=version) return redirect(url_for("login")) ``` ### Security Consideration: - This should be **opt-in** and default to true (authentication enabled) - Add clear warnings in documentation about the security implications - Maybe show a warning banner in the UI when authentication is disabled This would be similar to how other tools like Portainer allow disabling authentication for local/trusted environments.