wai-middleware-auth: Authentication middleware that secures WAI application

[ library, mit, program, web ] [ Propose Tags ] [ Report a vulnerability ]

Please see the README and Haddocks at https://www.stackage.org/package/wai-middleware-auth

[Skip to Readme]

Modules

[Last Documentation]

Network
- Wai
  - Auth
    - Network.Wai.Auth.Executable
    - Network.Wai.Auth.Internal
  - Middleware
    - Network.Wai.Middleware.Auth
      - Network.Wai.Middleware.Auth.OAuth2
        Network.Wai.Middleware.Auth.OAuth2.Github
        Network.Wai.Middleware.Auth.OAuth2.Gitlab
        Network.Wai.Middleware.Auth.OAuth2.Google
      - Network.Wai.Middleware.Auth.OIDC
      - Network.Wai.Middleware.Auth.Provider

Downloads

wai-middleware-auth-0.2.6.0.tar.gz [browse] (Cabal source package)
Package description (revised from the package)

Note: This package has metadata revisions in the cabal description newer than included in the tarball. To unpack the package including the revisions, use 'cabal get'.

Maintainer's Corner

Package maintainers

MichaelSnoyman, lehins, JasperWoudenberg

For package maintainers and hackage trustees

edit package information

Candidates

No Candidates

Versions [RSS]	0.1.0.0, 0.1.1.0, 0.1.1.1, 0.1.1.2, 0.1.2.0, 0.1.2.1, 0.2.0.0, 0.2.1.0, 0.2.3.0, 0.2.3.1, 0.2.4.1, 0.2.5.0, 0.2.5.1, 0.2.6.0
Change log	CHANGELOG.md
Dependencies	aeson (<2), base (>=4.12 && <5), base64-bytestring, binary, blaze-builder, blaze-html, bytestring, case-insensitive, cereal, clientsession, cookie (>=0.4.2), exceptions, hoauth2 (>=1.11 && <1.17), http-client, http-client-tls, http-conduit, http-reverse-proxy, http-types, jose (>=0.8.0), microlens, mtl, optparse-applicative, optparse-simple, regex-posix, safe-exceptions, shakespeare, text, time, unix-compat, unordered-containers, uri-bytestring, vault, wai (>=3.0 && <4), wai-app-static, wai-extra (>=3.0.7), wai-middleware-auth, warp, yaml [details]
License	MIT
Author	Alexey Kuleshevich
Maintainer	alexey@fpcomplete.com
Revised	Revision 1 made by AndreasAbel at 2022-07-21T10:20:17Z
Category	Web
Source repo	head: git clone https://github.com/fpco/wai-middleware-auth
Uploaded	by MichaelSnoyman at 2022-03-24T08:32:14Z
Distributions
Reverse Dependencies	2 direct, 0 indirect [details]
Executables	wai-auth
Downloads	6378 total (57 in the last 30 days)
Rating	2.0 (votes: 1) [estimated by Bayesian average]
Your Rating	λ λ λ
Status	Docs not available [build log] All reported builds failed as of 2022-03-24 [all 2 reports]

Readme for wai-middleware-auth-0.2.6.0

[back to package description]

wai-middleware-auth

Middleware that secures WAI application

Installation

$ stack install wai-middleware-auth

$ cabal install wai-middleware-auth

wai-auth

Along with middleware this package ships with an executable wai-auth, which can function as a protected file server or a reverse proxy. Right from the box it supports OAuth2 authentication as well as it's custom implementations for Google and Github.

Configuration is done using a yaml config file. Here is a sample file that will configure wai-auth to run a file server with Google, GitHub, and GitLab authentication on http://localhost:3000:

app_root: "_env:APPROOT:http://localhost:3000"
app_port: 3000
cookie_age: 3600
secret_key: "...+vwscbKR4DyPT"
file_server:
  root_folder: "/path/to/html/files"
  redirect_to_index: true
  add_trailing_slash: true
providers:
  github:
    client_id: "...94cc"
    client_secret: "...166f"
    app_name: "Dev App for wai-middleware-auth"
    email_white_list:
      - "^[a-zA-Z0-9._%+-]+@example.com$"
  google:
    client_id: "...qlj.apps.googleusercontent.com"
    client_secret: "...oxW"
    email_white_list:
      - "^[a-zA-Z0-9._%+-]+@example.com$"
  gitlab:
    client_id: "...9cfc"
    client_secret: "...f0d0"
    app_name: "Dev App for wai-middleware-auth"
    email_white_list:
      - "^[a-zA-Z0-9._%+-]+@example.com$"

Above configuration will also block access to users that don't have an email with example.com domain. There is also a secret_key field which will be used to encrypt the session cookie. In order to generate a new random key run this command:

$ echo $(wai-auth key --base64)
azuCFq0zEBkLSXhQrhliZzZD8Kblo...

Make sure you have proper callback/redirect urls registered with google/github/gitlab apps, eg: http://localhost:3000/_auth_middleware/google/complete.

After configuration file is ready, running application is very easy:

$ wai-auth --config-file=/path/to/config.yaml
Listening on port 3000

Reverse proxy

To use a reverse proxy instead of a file server, replace file_server with reverse_proxy, eg:

reverse_proxy:
  host: myapp.example.com
  port: 80
  secure: false

Self-hosted GitLab

The GitLab provider also supports using a self-hosted GitLab instance by setting the gitlab_host field. In this case you may also want to override the provider_info to change the title, logo, and description. For example:

providers:
  gitlab:
    gitlab_host: gitlab.mycompany.com
    client_id: "...9cfc"
    client_secret: "...f0d0"
    app_name: "Dev App for wai-middleware-auth"
    email_white_list:
      - "^[a-zA-Z0-9._%+-]+@mycompany.com$"
    provider_info:
      title: My Company's GitLab
      logo_url: https://mycompany.com/logo.png
      descr: Use your My Company GitLab account to access this page.