Feature Request: Static Username & Password Authentication for Private Servers
Summary
Add support for static username and password authentication for private/self-hosted deployments of the SMS Gateway server.
Problem
Currently, authentication relies on token/session-based mechanisms.
For private deployments running inside trusted environments (LAN, VPN, home server, Docker Compose, internal company infrastructure), it would be useful to support simple static credentials configured via environment variables or configuration files.
This would simplify:
Self-hosted setups
Reverse proxy integrations
Internal/private usage
Automation scripts
Lightweight deployments without external auth providers
Proposed Solution
Allow the server to optionally authenticate requests using static credentials.
Example environment variables:
SMS_GATEWAY_AUTH_USER=admin
SMS_GATEWAY_AUTH_PASSWORD=strongpassword
Or alternatively:
BASIC_AUTH_USER=admin
BASIC_AUTH_PASSWORD=strongpassword
Expected Behavior
When enabled:
Requests to protected API endpoints require Basic Auth credentials
Credentials are validated against configured static values
Existing token/session authentication continues working normally
Feature remains optional and disabled by default
Example Request
curl -u admin:strongpassword
http://localhost:3000/api/mobile/v1/message
Suggested Use Cases
Docker Compose deployments
Home servers
Small business installations
Internal company infrastructure
Self-hosted SMS relay setups
Reverse proxy protected environments
Benefits
Easier self-hosting
Simpler configuration for non-technical users
Better compatibility with automation tools
Reduces dependency on external auth systems
Useful for trusted/private networks
Additional Notes
Feature should be optional
Credentials should never be hardcoded
Environment variable configuration is preferred
Compatible with existing authentication system
Could reuse existing middleware for Basic Auth validation
Possible Implementation
Pseudo-flow:
If BASIC_AUTH_USER and BASIC_AUTH_PASSWORD exist:
Enable Basic Auth middleware
Validate Authorization header
Else:
Continue using current auth flow
Environment
Self-hosted deployment
Docker Compose
Reverse proxy (Nginx/Traefik/Cloudflare Tunnel)
Android SMS Gateway clients
Feature Request: Static Username & Password Authentication for Private Servers
Summary
Add support for static username and password authentication for private/self-hosted deployments of the SMS Gateway server.
Problem
Currently, authentication relies on token/session-based mechanisms.
For private deployments running inside trusted environments (LAN, VPN, home server, Docker Compose, internal company infrastructure), it would be useful to support simple static credentials configured via environment variables or configuration files.
This would simplify:
Self-hosted setups
Reverse proxy integrations
Internal/private usage
Automation scripts
Lightweight deployments without external auth providers
Proposed Solution
Allow the server to optionally authenticate requests using static credentials.
Example environment variables:
SMS_GATEWAY_AUTH_USER=admin
SMS_GATEWAY_AUTH_PASSWORD=strongpassword
Or alternatively:
BASIC_AUTH_USER=admin
BASIC_AUTH_PASSWORD=strongpassword
Expected Behavior
When enabled:
Requests to protected API endpoints require Basic Auth credentials
Credentials are validated against configured static values
Existing token/session authentication continues working normally
Feature remains optional and disabled by default
Example Request
curl -u admin:strongpassword
http://localhost:3000/api/mobile/v1/message
Suggested Use Cases
Docker Compose deployments
Home servers
Small business installations
Internal company infrastructure
Self-hosted SMS relay setups
Reverse proxy protected environments
Benefits
Easier self-hosting
Simpler configuration for non-technical users
Better compatibility with automation tools
Reduces dependency on external auth systems
Useful for trusted/private networks
Additional Notes
Feature should be optional
Credentials should never be hardcoded
Environment variable configuration is preferred
Compatible with existing authentication system
Could reuse existing middleware for Basic Auth validation
Possible Implementation
Pseudo-flow:
If BASIC_AUTH_USER and BASIC_AUTH_PASSWORD exist:
Enable Basic Auth middleware
Validate Authorization header
Else:
Continue using current auth flow
Environment
Self-hosted deployment
Docker Compose
Reverse proxy (Nginx/Traefik/Cloudflare Tunnel)
Android SMS Gateway clients