wai-middleware-auth: Authentication middleware that secures WAI application
Please see the README and Haddocks at https://www.stackage.org/package/wai-middleware-auth
[Skip to Readme]
Modules
[Index] [Quick Jump]
- Network
- Wai
- Auth
- Network.Wai.Auth.Executable
- Network.Wai.Auth.Internal
- Middleware
- Auth
- Wai
Downloads
- wai-middleware-auth-0.2.5.0.tar.gz [browse] (Cabal source package)
- Package description (revised from the package)
Note: This package has metadata revisions in the cabal description newer than included in the tarball. To unpack the package including the revisions, use 'cabal get'.
Maintainer's Corner
For package maintainers and hackage trustees
Candidates
- No Candidates
| Versions [RSS] | 0.1.0.0, 0.1.1.0, 0.1.1.1, 0.1.1.2, 0.1.2.0, 0.1.2.1, 0.2.0.0, 0.2.1.0, 0.2.3.0, 0.2.3.1, 0.2.4.1, 0.2.5.0, 0.2.5.1, 0.2.6.0 |
|---|---|
| Change log | CHANGELOG.md |
| Dependencies | aeson (<2), base (>=4.12 && <5), base64-bytestring, binary, blaze-builder, blaze-html, bytestring, case-insensitive, cereal, clientsession, cookie (>=0.4.2), exceptions, hoauth2 (>=1.11 && <1.17), http-client, http-client-tls, http-conduit, http-reverse-proxy, http-types, jose (>=0.8.0), microlens, mtl, optparse-applicative, optparse-simple, regex-posix, safe-exceptions, shakespeare, text, time, unix-compat, unordered-containers, uri-bytestring, vault, wai (>=3.0 && <4), wai-app-static, wai-extra (>=3.0.7), wai-middleware-auth, warp, yaml [details] |
| License | MIT |
| Author | Alexey Kuleshevich |
| Maintainer | alexey@fpcomplete.com |
| Revised | Revision 1 made by AndreasAbel at 2022-07-21T10:20:15Z |
| Category | Web |
| Source repo | head: git clone https://github.com/fpco/wai-middleware-auth |
| Uploaded | by MichaelSnoyman at 2021-06-14T06:04:51Z |
| Distributions | |
| Reverse Dependencies | 2 direct, 0 indirect [details] |
| Executables | wai-auth |
| Downloads | 6378 total (57 in the last 30 days) |
| Rating | 2.0 (votes: 1) [estimated by Bayesian average] |
| Your Rating | |
| Status | Docs available [build log] Last success reported on 2021-06-14 [all 1 reports] |
Readme for wai-middleware-auth-0.2.5.0
[back to package description]wai-middleware-auth
Middleware that secures WAI application
Installation
$ stack install wai-middleware-auth
OR
$ cabal install wai-middleware-auth
wai-auth
Along with middleware this package ships with an executable wai-auth, which
can function as a protected file server or a reverse proxy. Right from the box
it supports OAuth2 authentication as well as it's custom implementations for
Google and Github.
Configuration is done using a yaml config file. Here is a sample file that will
configure wai-auth to run a file server with Google, GitHub, and GitLab
authentication on http://localhost:3000:
app_root: "_env:APPROOT:http://localhost:3000"
app_port: 3000
cookie_age: 3600
secret_key: "...+vwscbKR4DyPT"
file_server:
root_folder: "/path/to/html/files"
redirect_to_index: true
add_trailing_slash: true
providers:
github:
client_id: "...94cc"
client_secret: "...166f"
app_name: "Dev App for wai-middleware-auth"
email_white_list:
- "^[a-zA-Z0-9._%+-]+@example.com$"
google:
client_id: "...qlj.apps.googleusercontent.com"
client_secret: "...oxW"
email_white_list:
- "^[a-zA-Z0-9._%+-]+@example.com$"
gitlab:
client_id: "...9cfc"
client_secret: "...f0d0"
app_name: "Dev App for wai-middleware-auth"
email_white_list:
- "^[a-zA-Z0-9._%+-]+@example.com$"
Above configuration will also block access to users that don't have an email
with example.com domain. There is also a secret_key field which will be used
to encrypt the session cookie. In order to generate a new random key run this command:
$ echo $(wai-auth key --base64)
azuCFq0zEBkLSXhQrhliZzZD8Kblo...
Make sure you have proper callback/redirect urls registered with
google/github/gitlab apps, eg:
http://localhost:3000/_auth_middleware/google/complete.
After configuration file is ready, running application is very easy:
$ wai-auth --config-file=/path/to/config.yaml
Listening on port 3000
Reverse proxy
To use a reverse proxy instead of a file server, replace file_server with
reverse_proxy, eg:
reverse_proxy:
host: myapp.example.com
port: 80
Self-hosted GitLab
The GitLab provider also supports using a self-hosted GitLab instance by
setting the gitlab_host field. In this case you may also want to override
the provider_info to change the title, logo, and description. For example:
providers:
gitlab:
gitlab_host: gitlab.mycompany.com
client_id: "...9cfc"
client_secret: "...f0d0"
app_name: "Dev App for wai-middleware-auth"
email_white_list:
- "^[a-zA-Z0-9._%+-]+@mycompany.com$"
provider_info:
title: My Company's GitLab
logo_url: https://mycompany.com/logo.png
descr: Use your My Company GitLab account to access this page.