Basic auth #232
Merged
Basic auth #232
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jonhealy1
reviewed
Apr 26, 2024
jonhealy1
approved these changes
Apr 28, 2024
Collaborator
jonhealy1
left a comment
jonhealy1
left a comment
There was a problem hiding this comment.
Nice work Pedro. I will wait to merge this, in case anyone has any thoughts.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Related Issue(s):
Description:
Basic Auth
Environment Variable Configuration
Basic authentication is an optional feature. You can enable it by setting the environment variable
BASIC_AUTHas a JSON string.Example:
User Permissions Configuration
In order to set endpoints with specific access permissions, you can configure the
userskey with a list of user objects. Each user object should contain the username, password, and their respective permissions.Example: This example illustrates the configuration for two users: an admin user with full permissions (*) and a reader user with limited permissions to specific read-only endpoints.
{ "users": [ { "username": "admin", "password": "admin", "permissions": "*" }, { "username": "reader", "password": "reader", "permissions": [ {"path": "/", "method": ["GET"]}, {"path": "/conformance", "method": ["GET"]}, {"path": "/collections/{collection_id}/items/{item_id}", "method": ["GET"]}, {"path": "/search", "method": ["GET", "POST"]}, {"path": "/collections", "method": ["GET"]}, {"path": "/collections/{collection_id}", "method": ["GET"]}, {"path": "/collections/{collection_id}/items", "method": ["GET"]}, {"path": "/queryables", "method": ["GET"]}, {"path": "/queryables/collections/{collection_id}/queryables", "method": ["GET"]}, {"path": "/_mgmt/ping", "method": ["GET"]} ] } ] }Public Endpoints Configuration
In order to set endpoints with public access, you can configure the public_endpoints key with a list of endpoint objects. Each endpoint object should specify the path and method of the endpoint.
Example: This example demonstrates the configuration for public endpoints, allowing access without authentication to read-only endpoints.
{ "public_endpoints": [ {"path": "/", "method": "GET"}, {"path": "/conformance", "method": "GET"}, {"path": "/collections/{collection_id}/items/{item_id}", "method": "GET"}, {"path": "/search", "method": "GET"}, {"path": "/search", "method": "POST"}, {"path": "/collections", "method": "GET"}, {"path": "/collections/{collection_id}", "method": "GET"}, {"path": "/collections/{collection_id}/items", "method": "GET"}, {"path": "/queryables", "method": "GET"}, {"path": "/queryables/collections/{collection_id}/queryables", "method": "GET"}, {"path": "/_mgmt/ping", "method": "GET"} ], "users": [ { "username": "admin", "password": "admin", "permissions": "*" } ] }Docker Compose Configurations
See
docker-compose.basic_auth_protected.ymlanddocker-compose.basic_auth_public.ymlfor basic authentication configurations.PR Checklist:
pre-commit run --all-files)make test)