nicolasff / webdis

A Redis HTTP interface with JSON output
https://webd.is
BSD 2-Clause "Simplified" License

Multiple users in ACL ? #220

Closed TIMAI2 closed 2 years ago

TIMAI2 commented 2 years ago

How do I add more than one user/pass in the ACL? (e.g. a long list of users and their passwords - tim:123,tom:234,sue:456....)

TIMAI2 commented 2 years ago

OK, I believe I have it figured out:

...
{"http_basic_auth": "user1:pass1", "enabled": ["*"]},
{"http_basic_auth": "user2:pass2", "enabled": ["*"]},
{"http_basic_auth": "user3:pass3", "enabled": ["*"]}
...

and so on. From reading the docs it says that one would override the other...

What if I have 100s/1000s of users? Do I have to manually enter these in the webdis.conf?

nicolasff commented 2 years ago

Hi Tim,

Yes, this is the only way to configure basic auth credentials at this time. If you have hundreds of users you'd likely need to automate this process and generate this part of the configuration from some authoritative directory like LDAP or whatever else you're using. The config file being JSON, you could use something like jq to take an existing "template" config file and add the credentials to it. For example, starting with this in webdis.json.tpl:

{
    "redis_host":   "127.0.0.1",

    "redis_port":   6379,
    "redis_auth":   null,

    "http_host":    "0.0.0.0",
    "http_port":    7379,

    "threads":  5,
    "pool_size": 20,

    "daemonize":    false,
    "websockets":   true,

    "database": 0,

    "acl": [
        {
            "disabled": ["DEBUG"]
        }
    ],

    "verbosity": 4,
    "logfile": "webdis.log"
}

Running a simple loop with .acl += [...]:

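cp webdis.json.tpl webdis.json.tmp
for i in $(seq 1 3); do
  username="user-$i"
  password="password-$i"
  # Pass the credentials with --arg so they reach jq as JSON strings
  # instead of being spliced into the jq program text.
  jq --arg u "$username" --arg p "$password" \
    '.acl += [{"http_basic_auth": "\($u):\($p)", "enabled": ["GET"]}]' webdis.json.tmp > temp
  mv temp webdis.json.tmp
done
mv webdis.json.tmp webdis-final.json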

Which produces in webdis-final.json:

{
  "redis_host": "127.0.0.1",
  "redis_port": 6379,
  "redis_auth": null,
  "http_host": "0.0.0.0",
  "http_port": 7379,
  "threads": 5,
  "pool_size": 20,
  "daemonize": false,
  "websockets": true,
  "database": 0,
  "acl": [
    {
      "disabled": [
        "DEBUG"
      ]
    },
    {
      "http_basic_auth": "user-1:password-1",
      "enabled": [
        "GET"
      ]
    },
    {
      "http_basic_auth": "user-2:password-2",
      "enabled": [
        "GET"
      ]
    },
    {
      "http_basic_auth": "user-3:password-3",
      "enabled": [
        "GET"
      ]
    }
  ],
  "verbosity": 4,
  "logfile": "webdis.log"
}

Just find what works best for you.

TIMAI2 commented 2 years ago

Thank you Nicolas for confirming my findings. :)

I had thought about doing something with a bash script to load the user credentials. Still undecided as to how to approach user authentication. I am working with MIT AppInventor2 as a front end, so can quite possibly control users from there, storing their user credentials in Redis itself, and just have a single user in webdis.

TIMAI2 commented 2 years ago

Just for completeness my effort using bash:

webdis.conf

{
  "redis_host": "127.0.0.1",
  "redis_port": 6379,
  "redis_auth": null,
  "http_host": "0.0.0.0",
  "http_port": 7379,
  "threads": 5,
  "pool_size": 20,
  "daemonize": false,
  "websockets": true,
  "database": 0,
  "acl": [
    {"disabled": ["DEBUG"]},    
    {"http_basic_auth": "user1:pass1", "enabled": ["GET"]}
  ],
  "verbosity": 4,
  "logfile": "webdis.log"
}

(note: needs the first user already in place, with no comma at the end)

Text file with users (users.txt)

user2:pass2
user3:pass3
user4:pass4
user5:pass5

Bash Script:

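#!/bin/bash
# Inserts one ACL entry per "user:pass" line of the file given as $1, each
# right after the {"disabled": ["DEBUG"]}, line (so in reverse file order).
# Assumes the credentials contain no double quotes or backslashes.
while IFS= read -r line; do
  sed -i '/{\"disabled\"\: \[\"DEBUG\"\]}\,/a  \    {"http_basic_auth": "'"$line"'", "enabled": ["GET"]},' webdis.conf
done < "$1"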

Run script from command line:

./setlines.sh users.txt

resultant webdis.conf

{
  "redis_host": "127.0.0.1",
  "redis_port": 6379,
  "redis_auth": null,
  "http_host": "0.0.0.0",
  "http_port": 7379,
  "threads": 5,
  "pool_size": 20,
  "daemonize": false,
  "websockets": true,
  "database": 0,
  "acl": [
    {"disabled": ["DEBUG"]},    
    {"http_basic_auth": "user5:pass5", "enabled": ["GET"]},
    {"http_basic_auth": "user4:pass4", "enabled": ["GET"]},
    {"http_basic_auth": "user3:pass3", "enabled": ["GET"]},
    {"http_basic_auth": "user2:pass2", "enabled": ["GET"]},
    {"http_basic_auth": "user1:pass1", "enabled": ["GET"]}
  ],
  "verbosity": 4,
  "logfile": "webdis.log"
}
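
A single-pass variant of the two approaches in this thread, as an added example that is not part of the original comments or of webdis itself: it reads a "user:password" file, validates each line, and appends the ACL entries to a template in one jq call. It assumes jq is installed; the function name `build_webdis_conf` and the file names are hypothetical, and `"enabled": ["GET"]` is taken from the examples above.

```sh
#!/bin/sh
# Added example, not from the thread. Assumptions: jq is installed; the
# function name and file names are hypothetical.
# Usage: build_webdis_conf TEMPLATE USERS_FILE OUTPUT
# USERS_FILE holds one "user:password" per line; blank lines are ignored.
build_webdis_conf() (
  tpl=$1 users=$2 out=$3
  # The result contains plaintext passwords. mktemp creates the file with
  # mode 0600, and mv keeps that mode on the final config.
  tmp=$(mktemp "$out.XXXXXX") || exit 1
  if jq -Rs --slurpfile tpl "$tpl" '
      [ split("\n")[] | select(length > 0) ] as $lines
      # Basic auth splits user from password at the first colon, so the
      # user part must be non-empty and colon-free, the password non-empty.
      # Only a count is reported, so no password ends up in an error log.
      | ($lines | map(select(test("^[^:]+:.+$") | not)) | length) as $bad
      | if $bad > 0
        then error("\($bad) malformed line(s); expected user:password")
        else . end
      # Reject duplicate user names rather than emit two entries for one user.
      | ($lines | map(split(":")[0])) as $names
      | if ($names | unique | length) != ($names | length)
        then error("duplicate user name")
        else . end
      # $lines are jq strings, so quotes and backslashes in a password are
      # JSON-escaped on output instead of being spliced into the document.
      | $tpl[0]
      | .acl += ($lines | map({http_basic_auth: ., enabled: ["GET"]}))
    ' "$users" > "$tmp"
  then
    mv "$tmp" "$out"   # replace the config only after jq succeeded
  else
    rm -f "$tmp"
    exit 1
  fi
)
```

Unlike the sed loop, entries are appended in file order after the existing ACL entries, and a rejected input leaves any existing output file untouched.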