feature request: authentication for feeds. #4
Description
Currently, auth covers all endpoints except for /feeds/.
Most RSS readers seem to support HTTP basic auth. The other way is to include a password / token as URL parameter. However, depending on how the RSS reader stores the URL, that would expose the password. So, I believe that HTTP basic auth is the way to go.
I see 2 viable options for HTTP basic auth:
- Use the username & password defined in the .env
- Add a password system: Allow to set a password. The username is always the same (
letterfeedfor example)
I lean towards option 2 because it's safer and more customizable.