Enhancing Security and User Experience in the Markdown to EPUB Converter

Today, I’m excited to share the latest updates to my Markdown to EPUB Converter project. This update focuses on enhancing security through optional authentication while maintaining a seamless user experience. Let’s dive into the new features and improvements.

Optional Authentication: Security When You Need It

The most significant addition in this update is the optional authentication system. While the converter was already useful as a personal tool, adding authentication opens up more deployment scenarios:

• Self-hosted on a public server: Now you can host the converter on a public-facing server without worrying about unauthorized access
• Shared with a team: Enable authentication to share with colleagues while maintaining control
• Integration with other services: The authentication system makes it easier to integrate with other tools in a secure manner

The authentication is completely optional - if you’re running the converter on a local network or in a protected environment, you can keep it disabled for convenience.

How the Authentication Works

The implementation is straightforward but effective:

1. Token-based authentication: Set an AUTH_TOKEN environment variable in your docker-compose.yml file
2. Multiple authentication methods: Support for both Bearer token and X-Auth-Token header methods
3. Authentication status endpoint: A new /auth-status endpoint lets clients check if authentication is required
4. Empty token handling: If the AUTH_TOKEN is empty or not set, authentication is automatically disabled

This approach provides flexibility while keeping the system simple to understand and maintain.

Improved Web Interface

The web interface has also received several enhancements:

1. Dynamic authentication field: The token input field only appears when authentication is enabled
2. Security warning: A clear warning message is displayed when authentication is disabled
3. Better error handling: Improved feedback for authentication failures
4. Updated footer: Added author information and social links

The UI now automatically adapts to whether authentication is enabled or disabled, providing a seamless experience in either mode.

Testing and Verification

To ensure reliability, I’ve enhanced the testing capabilities:

• Test script improvements: The test script now supports testing both authenticated and non-authenticated modes
• Authentication status verification: Easy verification of whether authentication is required
• Token validation testing: Comprehensive testing of token validation logic

These improvements make it easier to verify that everything is working correctly after deployment.

Getting Started with Authentication

Enabling authentication is simple:

1. Edit your docker-compose.yml file and uncomment the AUTH_TOKEN line:

   # Authentication (uncomment and set a secure token to enable authentication)
   - AUTH_TOKEN=your_secure_token_here

2. Replace your_secure_token_here with a strong, unique token

3. Rebuild and restart the container:

   docker-compose down && docker-compose build && docker-compose up -d

4. When making API requests, include your token:

   curl -X POST http://localhost:8088/convert \
     -H "Content-Type: application/json" \
     -H "Authorization: Bearer your_token_here" \
     -d '{...}' \
     --output book.epub

To disable authentication, either comment out the AUTH_TOKEN line or set it to an empty string, then rebuild and restart the container.

Why These Changes Matter

These enhancements address several important aspects of modern web applications:

1. Security: The authentication system provides a basic but effective security layer
2. Flexibility: The optional nature of the authentication means you can choose the right balance of security and convenience
3. User experience: The web interface adapts to the authentication status, providing a seamless experience
4. Transparency: The warning message ensures users are aware when authentication is not enabled

Conclusion

This update represents an important step forward for the Markdown to EPUB Converter, making it more versatile and secure while maintaining its simplicity and ease of use. Whether you’re using it as a personal tool or sharing it with others, these new features provide the flexibility to deploy it in a way that suits your needs.

The updated version is available now on GitHub, along with comprehensive documentation on how to use these new features.

Have you implemented authentication in your self-hosted applications? What approaches have you found most effective? Share your experiences in the comments below.