How do I get access?
How do I get access?
Non-technical explaination: How to login
How to login
On the top right of the website, you will see a login button.
Click on it, and you will be redirected to login.home.stefanocoding.me
Once on the login page, you should be able to see a discord button... press it.
Once pressed, you will be redirected to Discord, on here it will ask for the following permissions:
- Username, avatar & banner access
- Access to your email
- Know what servers you are in
- Read your member info
Why do you need access to my email?
Authentik (and bookstack) need something to bind your account to, in this case. It was chosen to be an email, since Discord use is mandotory for this website. The email you use on Discord will be shared with this application. Requests to delete can be sent to [email protected].
Why do you need to read server data?
To process what roles someone has in a server (to grant the appropriate groups within Bookstack), we need the explicit permission to do so. Otherwise, this website doesn't have access to read this data. After reading, your roles will be stored as Authentik groups and those groups get passed on (along with the email to Bookstack)
When accepted, your roles will be read and you will get access to your applicable documentation. Thank you
Technical explaination: How it all works.
How it all works
As of right now, I have the following setup:
When you go to this website you pass a few layers before getting onto Bookstack. You'll go through my firewall, and end up inside of my server. The server then bring you down to my reverse proxy (NPMPlus). It checks the domain you connected with, and redirects you to the correct application internally. Once you go to Bookstack (This website), you get the unauthenticated pages first, these are the explaination pages to explain, show or detail how this website works and to give any privacy concerns a rest. If you still have questions, feel free to ask and I'll add/respond to them.
Once you press the login button on the top right (
) the website will redirect to Authentik, this is the central system that authenticates you against your Discord roles. How it does it is by using Discord OAUTH to obtain a token that gives me a few pieces of information. It will ask for the following:
- Username, avatar & banner access
- Access to your email
- Know what servers you are in
- Read your member info
Why do you need access to my email?
Authentik (and bookstack) need something to bind your account to, in this case. It was chosen to be an email, since Discord use is mandotory for this website. The email you use on Discord will be shared with this application. Requests to delete can be sent to [email protected].
Why do you need to read server data?
To process what roles someone has in a server (to grant the appropriate groups within Bookstack), we need the explicit permission to do so. Otherwise, this website doesn't have access to read this data. After reading, your roles will be stored as Authentik groups and those groups get passed on (along with the email to Bookstack)
Any Staff member can personally request a "shelf account". This is an alternative account that I manually handle (notify me of role changes) with a fake email adress in case of privacy conserns. This privilege may extend to users if required by neccecity. Please contact me on Discord to do so (codixer).
Once you authenticate with Discord, you go back to Authentik, it will use the token obtained to request the above pieces of information and populate the account internally. Every time you open Bookstack, login to bookstack or open the page. It will re-check/sync your roles. Once it has created the account, you will be immediently sent back to bookstack to login. It will contain the following information:
- Your email (Unique ID to bind on for Bookstack)
- Your username (To display for any edits, comments (If enabled), etc)
- Unique login ID (It's how OIDC works between Bookstack & Authentik)
- The Authentik groups you where put in (Based on your Discord roles)
Bookstack then gives you access to the rest of the website/documentation! Based on your roles, you may or may not have additional access to documentation. (Based on my (codixer (Recruit)) access).
Do not ask me to add documentation I do not have access to, Staff may bring this up internally and have them discuss the risks. However, requests from ranks below to add documentation will not be handled.
Additionally, giving me documentation I do not or should not have have access to will be reported back to staff.
What is...
Bookstack?
Bookstack is documentation software, it's selfhosted and runs on PHP. You can view it's documentation, how it works and the use of Bookstack on it's own website: https://www.bookstackapp.com/
Authentik
Authentik is a selfhosted IDentity Provider (IDP), it's a central system that allows you to have control over login methods, provide additional authentication methods (Like MFA) and has a wide support range of several different protocols. Feel free to check it out here: https://goauthentik.io/
Access based: What roles have access to what?
What roles have access to what?
Founder ⚜★Sheriff ★★★★Deputy Sheriff ★★★As of right now, these are the roles that have full admin rights over Bookstack, this means they're able to view the email used to login to Authentik, going to Bookstack. They can make any edits and are able to monitor this instance.
Captain |★★Lieutenant ★★Staff Sergeant |★S.H.I.E.L.D. StaffDependend on the page, staff will be able to edit a book, page or shelve. This is per item and not global, please check the "edit-by" on the top left of the screen when on the book. It'll tell you what role you need to edit a page.
As of right now, all documentation on this website won't be higher then Recruit. The website will only have books with the content I (Codixer) have access to.
Sergeant |CorporalSenior DeputyDeputyRecruitCadet
An additional reminder, giving me any documention I should not have access to without express permission from staff will result in being reported back to staff.
Non-ShieldCurrently, only this book is availible to the wider public, it contains the technical information on how to use this website and what data is shared between applications.