Allow to enter password in URL instead of form

[momiji]

Before anything : Fantastic work, impressive...

I have a "small" improvement request...

We're several people using code-server on our servers, and most of the time we're using it under the same unix account. It is not problem as the port number is different for each user, as well as the generated random password.

We have a shell script that search for a free port, generates a random port, prints the URL to connect and the password, and finally starts code-server. The user just have to click on the link, and enter the password.

The idea of this improvement would be that it is no more necessary to enter the password and have it directly in the URL. This is not a security concerns in my use case, because the browser uses an SSH tunnel directly to the server.

For example, if I connect to my server dev01.localhost and I run my script, it gives me the url with a random port like 12345: http://dev01.localhost:12345 and the generated password S3cr3t.
I would like to be able to have only the url, like http://dev01.localhost:12345/login?password=S3cr3t

By the way, browsing to different SSH tunnels is very easy once you install a dynamic proxy extension. Personaly, I'm using SwitchyOmega for this in Chrome and Firefox. With the above example, I would add a rule like dev01.localhost to go through a SOCKS proxy on the port configured in the SSH connection. This is a top!

[niv-d]

Isn't there a way to disable the password all together?

Also, I feel a "one time login" would be a better implementation of this. I don't thinks its the best to drop a password in logs, even if its a one time use.

[nhooyr]

@momiji If you're using an SSH tunnel you can disable password authentication with --auth=none or auth: none in the config file.