@NodeDiver
Contributor

  • Turned on PROXY_AUTH_ADD so Alby Hub now sits behind Umbrel’s app proxy.

This forces anyone visiting the app to authenticate with their Umbrel account even if the Alby Hub unlock password is known. Adds a safety layer when users mismanage credentials, requiring both the Umbrel password and the Alby Hub unlock password to gain access.

APP_HOST: albyhub_server_1
APP_PORT: 8080
PROXY_AUTH_ADD: "false"
PROXY_AUTH_ADD: "true"
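
Review bot: with PROXY_AUTH_ADD changed to "true", every request that reaches albyhub_server_1:8080 through the app proxy now needs an Umbrel session, and the environment block shown here sets no PROXY_AUTH_WHITELIST. Confirm that nothing outside the browser calls the app through this proxy (an API or callback path, for example); if something does, whitelist only those paths rather than leaving auth off for the whole app.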

Isn't true the default here so you can omit the whole line?

From the docs:

The Umbrel App Proxy automatically protects an app by requiring the user to enter their Umbrel password

Suggested change
PROXY_AUTH_ADD: "true"

Contributor Author

It is the default. Also, I just tested it locally and indeed the whole line is unnecessary; it's removed now.

@NodeDiver NodeDiver force-pushed the fix/albyhub-proxy-auth branch from 32f5f2b to c4aa414 Compare November 12, 2025 14:54
@NodeDiver
Contributor Author

@nmfretz I thank you in advance for reviewing and merging this 🙏

@nmfretz
Contributor

nmfretz commented Nov 17, 2025

Awesome @NodeDiver, really glad to see Alby Hub utilizing the auth proxy.

This forces anyone visiting the app to authenticate with their Umbrel account even if the Alby Hub unlock password is known. Adds a safety layer when users mismanage credentials, requiring both the Umbrel password and the Alby Hub unlock password to gain access.

And in addition to needing to enter the Umbrel password if not signed in, if a user has 2FA set up on their Umbrel then Alby also sits behind that!

In order for existing users to get an app update notification, the version field in the umbrel-app.yml needs to be updated. As-is, only fresh installs of Alby Hub would sit behind the auth proxy.

What's better for you guys:

  1. We wait until the next version of Alby Hub is released, and then merge this PR with updated image, version, and release notes. This means users would continue to not have the auth proxy enabled until then.

  2. Merge this PR now with only the auth proxy added. We change the version to something like

version: 1.20.0-auth

or

version: 1.20.0-hotfix.1

And then add release notes like:

releaseNotes: >-
  This release adds additional security to your Alby Hub app on umbrelOS by ...
  

  No other changes to Alby Hub are included in this release.


  Full release notes are found at https://github.com/getAlby/hub/releases

@NodeDiver
Contributor Author

NodeDiver commented Nov 17, 2025

Hey, @nmfretz,
Since this change is independent of the next version of Alby Hub and it is an enhancement on security, you are welcome to merge it now.

You can use version: 1.20.0-auth

releaseNotes: >-
  This release adds additional security to your Alby Hub app on UmbrelOS by adding existing UmbrelOS security measures
  

  No other changes to Alby Hub are included in this release.


  Full release notes are found at https://github.com/getAlby/hub/releases

Thanks!!!

@github-actions

🎉   Linting finished with no errors or warnings   🎉

Thank you for your submission! This is an automated linter that checks for common issues in pull requests to the Umbrel App Store.

@nmfretz
Contributor

nmfretz commented Nov 18, 2025

Excellent, thanks again @NodeDiver! Here's what I've done for the release notes:

image

Reviewed and tested connections. If a user is not logged in to their Umbrel they would be met with this screen if trying to access the Alby Hub app directly:

image

@nmfretz nmfretz merged commit 7d2d9dd into getumbrel:master Nov 18, 2025
1 check passed
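
The two review points raised in this thread (auth is on unless PROXY_AUTH_ADD is "false", and existing installs only receive a change when the version in umbrel-app.yml is bumped) can be checked mechanically. The following is an added Python example, not code from the PR or from Umbrel's tooling; the function names, the sample file bodies and the "1.20.0" base version are constructed for illustration, and the line-based parsing assumes simple `KEY: value` scalars.

```python
import re

OPT_OUT = "app opts out of the Umbrel auth proxy"
NO_BUMP = "auth setting changed without a version bump; existing installs will not receive it"

def scalar(text, key):
    """Value of the first `key: value` (or `- key=value`) line, unquoted; None if absent."""
    pattern = rf'^[ \t]*(?:-[ \t]*)?{re.escape(key)}[ \t]*[:=][ \t]*(\S.*?)[ \t]*(?:#.*)?$'
    m = re.search(pattern, text, re.M)
    return m.group(1).strip('"\'') if m else None

def proxy_auth_enabled(compose_text):
    """Auth is on by default (per the thread); assumed off only for an explicit false."""
    value = scalar(compose_text, "PROXY_AUTH_ADD")
    return value is None or value.lower() != "false"

def review_change(old_compose, new_compose, old_manifest, new_manifest):
    """Compare before/after of docker-compose.yml and umbrel-app.yml; return findings."""
    findings = []
    was, now = proxy_auth_enabled(old_compose), proxy_auth_enabled(new_compose)
    if not now:
        findings.append(OPT_OUT)
    if was != now and scalar(old_manifest, "version") == scalar(new_manifest, "version"):
        findings.append(NO_BUMP)
    return findings

# Constructed sample inputs modelled on the values quoted in this PR.
OLD_COMPOSE = """\
services:
  app_proxy:
    environment:
      APP_HOST: albyhub_server_1
      APP_PORT: 8080
      PROXY_AUTH_ADD: "false"
"""
# Final state of the PR: the line is dropped and the default applies.
NEW_COMPOSE = OLD_COMPOSE.replace('      PROXY_AUTH_ADD: "false"\n', "")
OLD_MANIFEST = 'manifestVersion: 1\nversion: "1.20.0"\n'
NEW_MANIFEST = OLD_MANIFEST.replace('"1.20.0"', '"1.20.0-auth"')

if __name__ == "__main__":
    print(review_change(OLD_COMPOSE, NEW_COMPOSE, OLD_MANIFEST, OLD_MANIFEST))
    print(review_change(OLD_COMPOSE, NEW_COMPOSE, OLD_MANIFEST, NEW_MANIFEST))
```
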