Static website: HTTP auth protection #79

Open
mnapoli opened this issue Jul 15, 2021 · 4 comments
Labels
enhancement New feature or request

Comments

@mnapoli
Member

mnapoli commented Jul 15, 2021

It would be useful to be able to protect a static website with some kind of auth system. It would be great to provide staging versions of a website that are not publicly available.

Maybe something like basic authentication with username/password credentials could be achieved with a CloudFront function?

Originally posted by @andrea-cristaudo in #5 (comment)

Also reported in #78 by @InvisibleKind

@mnapoli mnapoli added the enhancement New feature or request label Jul 15, 2021
@t-richard
Contributor

This gets the job done. The only downside is that CloudFront functions don't support base64 encoding functions (the Buffer class is not available and atob is browser only), so the encoding has to be done when creating the function and hardcoded into the string.

Here the user is user and the password is password. The base64 encoded string is user:password.

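```js
function handler(event) {
    var request = event.request;
    var headers = request.headers;
    // Expected Authorization header value: 'Basic ' + base64('user:password'),
    // encoded ahead of time and hardcoded here.
    var auth = 'Basic dXNlcjpwYXNzd29yZA==';

    // Header missing or not matching: answer 401 and ask for Basic credentials.
    if (headers.authorization === undefined || headers.authorization.value !== auth) {
        return {
            statusCode: 401,
            statusDescription: 'Unauthorized',
            headers: {
                'www-authenticate': { value: 'Basic' }
            }
        };
    }

    // Credentials match: let the request continue to the origin.
    return request;
}
```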

@InvisibleKind

@t-richard I was able to achieve it without btoa, simply with var authString = 'Basic ' + (authUser + ':' + authPass).toString('base64');
You can check #78 for the complete function code. I have also made it possible to pass the user and password as CloudFormation parameters at build time, to get the hardcoded credentials out of Git. You can find my solution in the comments to that discussion.
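
As an added example (not code from this thread or from Lift), this Node.js build script follows the approach discussed in the two comments above: the base64 value is computed at build time from credentials passed in the environment and embedded in the generated CloudFront Function source. The names `buildAuthFunctionSource`, `loadHandler`, `BASIC_AUTH_USER` and `BASIC_AUTH_PASS` are assumptions.

```javascript
// Added example: build-time generator, run in Node.js (where Buffer exists).
// buildAuthFunctionSource, loadHandler, BASIC_AUTH_USER and BASIC_AUTH_PASS
// are hypothetical names, not part of Lift or of the thread.

function buildAuthFunctionSource(user, pass) {
    if (!user || !pass) {
        throw new Error('user and password are both required');
    }
    if (user.includes(':')) {
        // In Basic auth the first ":" separates the user from the password.
        throw new Error('user name must not contain ":"');
    }
    // Encode here, at build time; only the encoded value is embedded.
    const expected = 'Basic ' + Buffer.from(user + ':' + pass, 'utf8').toString('base64');
    // JSON.stringify emits a safely quoted string literal for the generated code.
    return [
        'function handler(event) {',
        '    var request = event.request;',
        '    var header = request.headers.authorization;',
        '    var expected = ' + JSON.stringify(expected) + ';',
        '    if (header === undefined || header.value !== expected) {',
        '        return {',
        '            statusCode: 401,',
        '            statusDescription: "Unauthorized",',
        '            headers: { "www-authenticate": { value: "Basic" } }',
        '        };',
        '    }',
        '    return request;',
        '}'
    ].join('\n');
}

// Load the generated source locally so it can be exercised before deployment.
function loadHandler(source) {
    return new Function(source + '\nreturn handler;')();
}

// Print the function code when credentials are supplied via the environment,
// so they never need to be committed.
if (process.env.BASIC_AUTH_USER && process.env.BASIC_AUTH_PASS) {
    console.log(buildAuthFunctionSource(process.env.BASIC_AUTH_USER, process.env.BASIC_AUTH_PASS));
}
```

The generated source still contains the credentials in base64, which is an encoding and not encryption, so treat the build output as a secret and keep it out of version control.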

@devsdevsdevs

@t-richard How would I be able to integrate this function code within the static-website construct?

@t-richard
Contributor

@devsdevsdevs it would be hard to do it for now because Lift does not provide an easy way to do it.

Maybe this will allow extensibility #52

The only solution I see is using https://www.serverless.com/framework/docs/providers/aws/guide/resources/#override-aws-cloudformation-resource

But this is not ideal as you will need to rewrite the entire Distribution resource because:

If a property with the same name exists in the resource, the value will be replaced with the extension value.
