Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Mora Authentication #18

Closed
crackcomm opened this issue Oct 6, 2013 · 7 comments
Closed

Mora Authentication #18

crackcomm opened this issue Oct 6, 2013 · 7 comments

Comments

@crackcomm
Copy link
Contributor

Hey, I'd like to have some authentication options for mora API usage.
I think it should be some out-of mongo, distributable authentication service, maybe Keystone (api docs) which is common choice in public and private clouds today as it's part of popular and strong OpenStack.
I would like to hear other options and opinions about them, and maybe some voices against my word because Keystone was just a shot.
@emicklei
Copy link
Owner

Sorry about replying to this issue this late.

Do you think Mora should perform such authentication (it already can do Mongo auth)? Another option is put such a service in front of Mora. Apache and Nginx both could perform this task.

@crackcomm
Copy link
Contributor Author

I think mora is actually well performing HTTP server in it's current form and users should have an option to use authentication in it. Also it is a problem for PaaS users who doesn't always have possibility to configure loadbalancer or any intermediary server in infrastructure in such way.

@emicklei
Copy link
Owner

in the past, i have used HMAC to protect an Api. Kind of the way Amazon AWS
apis are accessible. Another feature that spings to mind is rate-limiting.
What kinds of schemes were you thinking of? We could provide filter
implementations to Mora for the user to configure.

On Monday, March 10, 2014, Łukasz Kurowski notifications@github.com wrote:

I think mora is actually well performing HTTP server in it's current form
and users should have an option to use authentication in it. Also it is a
problem for PaaS users who doesn't always have possibility to configure
loadbalancer or any intermediary server in infrastructure in such way.


Reply to this email directly or view it on GitHubhttps://github.com//issues/18#issuecomment-37192323
.

^ Ernest Micklei

http://ernestmicklei.com

@crackcomm
Copy link
Contributor Author

Yes, I think we should provide few basic filters which could be enabled in configuration file.

Example config section:

mora.filters = basic_auth,other_defined
mora.filters.basic_auth.username = admin
mora.filters.basic_auth.password = password

example implementation

var registeredFilers map[string](func(p properties.Properties) func(req *restful.Request, resp *restful.Response))

func init() {
    // basic authentication filter
    registeredFilters["basic_auth"] = func(p properties.Properties) func(req *restful.Request, resp *restful.Response) {
        var (
            username = p.GetString("username", "")
            password = p.GetString("password", "")
        )

        return func(req *restful.Request, resp *restful.Response) {
            // authenticate here
        }
    }
}

func initializeRouter() { //proto
    filters := strings.Split(props.GetString("mora.filters"), ",")

    for _, name := range filters {
        if filter := registeredFilters[name]; filter != nil {
            fn := filter(props.SelectProperties(fmt.Sprintf("mora.filters.%s", name)))
            route.Filter(fn)
        }
    }
}

@emicklei
Copy link
Owner

good idea to have filter implementations and let users configure their
settings.

The hard part is to think about what filters to offer.

On Monday, March 10, 2014, Łukasz Kurowski notifications@github.com wrote:

Yes, I think we should provide few basic filters which could be enabled in
configuration file.

Example config section:

mora.filters = basic_auth,other_definedmora.filters.basic_auth.username = adminmora.filters.basic_auth.password = password

example implementation

var registeredFilers map[string](func%28p properties.Properties%29 func%28req *restful.Request, resp *restful.Response%29)
func init() {
// basic authentication filter
registeredFilters["basic_auth"] = func(p properties.Properties) func(req *restful.Request, resp *restful.Response) {
var username, password = p.GetString("username", ""), p.GetString("password", "")

    return func(req *restful.Request, resp *restful.Response) {
        // authenticate here
    }
}}

func initializeRouter() { //proto
filters := strings.Split(props.GetString("mora.filters"), "")

for _, name := range filters {
    if filter := registeredFilters[name]; filter != nil {
        fn := filter(props.SelectProperties(fmt.Sprintf("mora.filters.%s", name)))
        route.Filter(fn)
    }
}}


Reply to this email directly or view it on GitHubhttps://github.com//issues/18#issuecomment-37215140
.

^ Ernest Micklei

http://ernestmicklei.com

@crackcomm
Copy link
Contributor Author

I think just basic auth should be fine for now. IMO we should create a new directory which will contain one filter per file so it would be easy to make a new one for any contributor without digging into any additional code.

@emicklei
Copy link
Owner

Along the vision of the new structure, we could have a subpkg contains auth method implementations.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@crackcomm @emicklei