authenticating

thalassa has no userbase, it's instead secured by a single primary password for the administrator which is created during first sign-in

once you're signed in your session should last indefinitely

any time you sign in using the primary password a new admin token is created and assigned to you

authentication tokens stored as a cookie are the method used to identify yourself

along with admin tokens (which have full access to all the site's features) there are two other types of tokens which you can generate and share with people

helper

helper tokens allow someone to search for all files in the archive, even ones marked #hidden or #protected

people with helper tokens can also add tags to files (they cannot remove tags, add new files, remove files, change publish times, or view the admin panel, etc.)

viewer

viewer tokens allow someone to search for files tagged #protected, and have no additional permissions

files tagged #hidden are still not returned in search results for people with viewer tokens

keep in mind that anyone can view a file directly, or load its view page, if they know its url or file ID even if it is tagged #hidden

read more on the important privacy and security concerns page