search

Stiffstream / restinio

Cross-platform, efficient, customizable, and robust asynchronous HTTP(S)/WebSocket server C++ library with the right balance between performance and ease of use
Other
1.16k stars 93 forks source link

Full basic auth example #128

Closed undici77 closed 4 years ago

undici77 commented 4 years ago

Hello, I'm searching some basic auth example, in order to create a restinio webserver but I can't fine any example. I found in documentation how to parse a restinio::request_handle_t but I can't find way to enable request during restinio webserver creation. Can someone help me?

Thanks!

eao197 commented 4 years ago

Hi, @undici77 !

I can't find way to enable request during restinio webserver creation

What do you mean here? Could you provide a more detailed explanation of your problem?

PS. The work with auth-related headers is explained here: https://stiffstream.com/en/docs/restinio/0.6/varioushelpers.html#authorization-helpers

undici77 commented 4 years ago

Thanks for quick answer!

I already found authorization-helpers page, and with curl -H "Authorization: Basic ..." I can get username and password, but I'm trying to embed an html page in order to do the same with Firefox but browser tell me: "You are about to log in to the site“ 127.0.0.1 ”with the username“ username ”, but the website does not require authentication."

Is it a restinio wrong configuration in my project or something about Basic Authentication I didn't understand?

eao197 commented 4 years ago

It seems that a page that is generated by a web-server should have WWW-Authenticate header with the appropriate values. See https://en.wikipedia.org/wiki/Basic_access_authentication#Server_side and https://tools.ietf.org/html/rfc7235#section-4.1 for more details.

undici77 commented 4 years ago

Thanks for answer! After some time I came back problem and I got solution. I attach below solution in order to help who will search solution:

    router->http_get(R"(/api/v1/test)",
                     [&registry, this](const restinio::request_handle_t request, restinio::router::route_params_t parameters)
    {
        using namespace restinio::http_field_parsers::basic_auth;
        auto opt_field_value = request->header().opt_value_of(restinio::http_field::authorization);
        if (opt_field_value)
        {
            const auto auth_params = try_extract_params(*request, restinio::http_field::authorization);
            if (auth_params)
            {
                std::cout << auth_params->username << " - " << auth_params->password << std::endl;
            }

            BuildResponse(request->create_response())
            .append_header(restinio::http_field::content_type, "application/json")
            .set_body("{\"test\": \"ok\"}\r\n")
            .done();
        }
        else
        {
            return(request->create_response(restinio::status_unauthorized())
                  .append_header("Cache-Control", "no-cache,no-store")
                  .append_header( "WWW-Authenticate", "Basic realm=\"sample\"" )
                  .connection_close()
                  .done());

        }

        return (restinio::request_accepted());
    });
eao197 commented 4 years ago

@undici77 Thanks for the feedback and the code example!