Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How to host a shinylive app on a private intranet? #109

Open
dmresearch15 opened this issue Jan 31, 2024 · 8 comments
Open

How to host a shinylive app on a private intranet? #109

dmresearch15 opened this issue Jan 31, 2024 · 8 comments

Comments

@dmresearch15
Copy link

When utilising shinylive.io/r to develop an app, the question arises: "Who has access to view the app?" After generating the application URL, it is disseminated exclusively to a chosen group of users. Can it be guaranteed that only these specifically selected individuals have the ability to view the app?
@gadenbuie
Copy link
Contributor

gadenbuie commented Jan 31, 2024
edited
Loading

Hi @dmresearch15! The short answer to your question is no, it's not possible to restrict access to an app created on https://shinylive.io/r -- anybody who has the link can access the app. We don't have a registry of apps, so your link won't be publicly published or even revealed to us, just the people you share it with.

https://shinylive.io encodes the entire app bundle in the app's URL. For example, in this link to the timer demo app, which looks like https://shinylive.io/r/editor/#code=NobwRAdg...., the random letters and numbers after #code= encode the app's code. Clearly it would take someone a bit of work to decode the app, which is what shinylive.io does when you load that link, but it's obfuscated for a convenient URL and not encrypted.

@dmresearch15
Copy link
Author

Hello, appreciate your prompt reply. The information provided is indeed helpful. However, I require further clarification. My aim is to share confidential information selectively with a specific user group. To achieve this, I plan to place the application URL on our organisation's intranet, secured with a password. This will restrict access to the chosen group of users. In the event that certain individuals within this group opt to decode the app, it's acceptable. The key point is to ensure that no one outside this designated group gains access to the URL or the application. Eagerly awaiting your response.

@toxintoxin
Copy link

Hello, appreciate your prompt reply. The information provided is indeed helpful. However, I require further clarification. My aim is to share confidential information selectively with a specific user group. To achieve this, I plan to place the application URL on our organisation's intranet, secured with a password. This will restrict access to the chosen group of users. In the event that certain individuals within this group opt to decode the app, it's acceptable. The key point is to ensure that no one outside this designated group gains access to the URL or the application. Eagerly awaiting your response.

package shinymanager or shinyauthr might help (need remote database to protect credentials), you can try.
I haven't deployed my app successfully via shinylive yet :(
So I can't tell you the answer, sorry

@gadenbuie
Copy link
Contributor

To clarify: anyone with the shinylive.io URL can access and see the source code of the application you're sharing. Do not put credentials in your app's source code. Do not expect a URL you've shared with others to be kept private.

We (Posit, the maintainers of https://shinylive.io) do not track or store the URLs for applications created with shinylive.io. That said, you should consider a generated URL from shinylive.io to be semi-public and should take appropriate precautions.

For internal use, you can use the shinylive R package to create a standalone static webpage with your application that you could host internally on your intranet.

@dmresearch15
Copy link
Author

The app was exported using the following command:
shinylive::export("AppI", "AppO")

This command creates the following directories and files:
• \edit
• \shinylive
• app.json
• index.html
• shinylive-sw.js

To serve the app within an R session, the command below was used:
httpuv::runStaticServer("AppO")

The app works as expected in this setup.

How can this app be hosted internally on our intranet so others can access it?

@gadenbuie
Copy link
Contributor

How can this app be hosted internally on our intranet so others can access it?

Move the AppO directory into a place where it will be hosted on the intranet.

@dmresearch15
Copy link
Author

Thank you for your response.

I would like to know the equivalent command to httpuv::runStaticServer("AppO") within an R session for viewing the app after relocating the AppO directory to the intranet.

@gadenbuie
Copy link
Contributor

Sorry, @dmresearch15, I can't really give you a better answer because I don't know how your intranet is set up. Typically, an intranet includes a webserver that hosts pages that are accessible within an organization's private network. The exported shinylive files need to be hosted by a webserver (that's what runStaticServer() does). Typically, moving the AppO directory to a place where it's served on the intranet is enough. If that's not the case, you'll need to contact your intranet administrator to figure out how serve the exported app.

@gadenbuie gadenbuie changed the title R shinylive: Who can view the app? How to host a shinylive app on a private intranet? Dec 31, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@gadenbuie @dmresearch15 @toxintoxin