Chaton chat rooms are 'public' by default: anybody can read the logs and post text without any authentication. We don't want to complicate Chaton by dragging in user authentication and management.
However, if you need an easy solution, you can put the chat room URL behind HTTP Basic authentication; it's not fancy, but it works. Chaton has a little bit of support to make this easier. You need to change two places in the conf file to protect a room:
- Create a password file with htpasswd, and specify its path in the htpasswd-path parameter in the conf file.
- Change the loose-login parameter to "#f".
Then run the build-site script. You will now be asked for a username and password to access the room. (Authentication is also required to access archives, badge and apilogin, since they are under the same directory.)
With the above settings, an extra CGI script 'passwd' is installed under the chat room URL, which allows an authenticated user to change his/her password. The script invokes the htpasswd program, so the password file must be writable by the CGI script.
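Because the password file has to stay writable by the CGI script, it is worth auditing before and after pointing htpasswd-path at it. The following check is an added example, not part of Chaton; the function name audit_htpasswd is hypothetical, and the hash prefixes it recognizes are the ones Apache's htpasswd writes.

```shell
#!/bin/sh
# Added example (not Chaton code): audit the file named by htpasswd-path.
# Prints one finding per line; returns 0 if clean, 1 if anything was found.
audit_htpasswd() {
    file=$1
    findings=0
    if [ ! -f "$file" ]; then
        echo "MISSING: $file is not a regular file"
        return 1
    fi
    # The CGI user needs write access; no other local user needs any access.
    if [ -n "$(find "$file" -prune -perm -004)" ]; then
        echo "PERM: world-readable (hashes exposed to every local user)"
        findings=1
    fi
    if [ -n "$(find "$file" -prune -perm -002)" ]; then
        echo "PERM: world-writable (any local user can add or change accounts)"
        findings=1
    fi
    # Each entry is user:hash. Classify by the prefix of the hash field.
    # The "|| [ -n ... ]" keeps a final line that lacks a trailing newline.
    while IFS=: read -r user hash _rest || [ -n "$user" ]; do
        [ -z "$user" ] && continue
        case $hash in
            '$2y$'*|'$2a$'*|'$2b$'*) ;;   # bcrypt
            '$apr1$'*) ;;                 # Apache salted, iterated MD5
            '{SHA}'*) echo "WEAK: $user uses unsalted SHA-1"; findings=1 ;;
            '') echo "EMPTY: $user has no password hash"; findings=1 ;;
            *) echo "WEAK: $user uses crypt() or plaintext"; findings=1 ;;
        esac
    done < "$file"
    return $findings
}
```

Call it with the path configured in htpasswd-path, and run it again after users have changed passwords through the 'passwd' script, since that script rewrites the file.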
Changing 'loose-login' has one drawback. If you restart the comet server (chaton-viewer-$ROOM), users are asked to reload the page (programs using the API need to log in again through apilogin). If that is too much of a problem, you can leave loose-login set to #t, provided you think your comet server URL is not widely known. Since the comet server URL is not under the HTTP-authenticated path, anyone who knows the comet server URL can bypass the HTTP authentication process. Setting loose-login to "#f" forces the comet server to accept only requests with a valid token (client id), which can only be obtained through the chat room page or the apilogin script. Unfortunately, those tokens are invalidated when the comet server is restarted.