Provide a way to access public links RSS feed when public links are hidden

[n00b12345]

Currently one has to use this format

http://user:password@localhost/shaarli/rss

to access a particular feed. Now this format is unacceptable to most feed readers. Is there a way to add a token system to the feed instead of asking for username and password? Pinboard currently does this for its feeds. Eg. a Pinboard feed looks like this: pinboard.com/secret:tokenID/feed

The token ID acts as the password and even in the oldest of feed readers is perfectly acceptable.

Could Shaarli have something of this sort?

If possible, please consider.

[ArthurHoaro]

http://user:password@localhost/shaarli/rss

This will perform an HTTP authentication, it won't login to Shaarli.
What's the use case? Set all your links to private and share the token feed URL?

[n00b12345]

I use OwnCloud News (RSS feed reader) on the same server where I host Shaarli. Now I want to save links I want to deal with later, using a particular tag, say "readitlater". The RSS feed Shaarli generates for this, will then be used to add to OwnCloud News. This will then give me my own Reading List of sorts.

Hope I was able explain the situation.

[ArthurHoaro]

And you save your links in Shaarli in private, right?

[n00b12345]

Yes, I have to. Otherwise anyone could start saving public links on my server.

[ArthurHoaro]

No, I mean you share links as private (visible only when logged in), otherwise they appear in your RSS feed.

[n00b12345]

Yes, in short.

(But here's what I've done. I've hidden public links from being viewed as well since I don't want anyone else to see what I'm bookmarking. So presently, without unhiding my private or public bookmarks, there's no way to access feeds. Hope I was able to explain it)

[nodiscc]

I.e. provide a way to access the public RSS feed when public links are hidden?

I'm not sure this can be easily done. What I would do if I had your usecase:

• password protect the shaarli directory using your webserver's authentication facilities (on Apache mod_auth_basic and htpasswd )
• access the RSS feed using HTTP authentication. Most modern feed readers support it.

[n00b12345]

@nodiscc that's a great idea and I'll try it out. What'll be the feed format in that case? http://user:password@localhost/shaarli/rss?

Where user and password are the ones in htpasswd?

[nodiscc]

It depends on your feed reader. Each one has it's own method to subscribe to authenticated feeds. I use Liferea and it asks for the username/password on first connect (or with "use password authentication" in the feed preferences). Your syntax may work - i would try first without the user:password part and watch for errors.

[ArthurHoaro]

Yep, also you could host your Shaarli in localhost/<hash>/rss and save the link. I'm letting this open since it's not a bad idea, although low priority. Kinda related to #475

[nicolasdanelon]

+1 to localhost/<hash>/rss would be awesome if you could use that hash along the webapp too ;)

[nodiscc]

@nicolasdanelon Arthur is suggesting to do a git clone https://github.com/shaarli/Shaarli /var/www/lydAiTrul2UpzrPF5T. That way visitors have to know the exact /lydAiT... URL to access the Shaarli (or try to enumerate possible directories which can be catched by WAF or fail2ban rules). I still believe webserver based auth is a better option (tried and tested, secure, does what @n00b12345 wants).

[ArthurHoaro]

Thanks for the clarification @nodiscc, that's what I meant.