
Added basic auth

pull/7/head
Victor Roest 2 years ago
parent
commit
5c9c08a82f
Signed by: 0x76 GPG Key ID: A3923C699D1A3BDA
  1. 6
      .gitignore
  2. 2
      config/dev.exs
  3. 16
      config/runtime.exs
  4. 35
      lib/dps_web/channels/user_socket.ex
  5. 3
      lib/dps_web/controllers/page_controller.ex
  6. 5
      lib/dps_web/endpoint.ex
  7. 39
      lib/dps_web/router.ex

6
.gitignore

@ -28,4 +28,8 @@ dps-*.tar
# /priv/static/
# The language server temp files
/.elixir_ls/
/.elixir_ls/
# Jetbrains ide files
/.idea/
*.impl

2
config/dev.exs

@ -41,3 +41,5 @@ config :phoenix, :stacktrace_depth, 20
# Initialize plugs at runtime for faster development compilation
config :phoenix, :plug_init_mode, :runtime
config :dps, :basic_auth, username: "user", password: "secret"
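Review bot: The `:basic_auth` key is defined here and in the `:prod` branch of `config/runtime.exs`, but the commit touches no test configuration, so the router's `Application.fetch_env!(:dps, :basic_auth)` would presumably raise in `:test` as soon as a request reaches an authenticated route, unless the key is set in a file not shown. Adding the same line to `config/test.exs` would cover that. A comment above the entry, such as `# Development-only placeholder credentials; production values come from AUTH_USERNAME / AUTH_PASSWORD in runtime.exs`, would also make clear that these values must never be reused outside development.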

16
config/runtime.exs

@ -32,4 +32,20 @@ if config_env() == :prod do
secret_key_base: secret_key_base
config :dps, DpsWeb.Endpoint, server: true
auth_user =
System.get_env("AUTH_USERNAME") ||
raise """
environment variable AUTH_USERNAME is missing.
This is used for authenticating admin routes.
"""
auth_pass =
System.get_env("AUTH_PASSWORD") ||
raise """
environment variable AUTH_USERNAME is missing.
This is used for authenticating admin routes.
"""
config :dps, :basic_auth, username: auth_user, password: auth_pass
end
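Review bot: The `AUTH_PASSWORD` branch raises with the text copied from the username branch, so an operator who forgot the password variable is told that `AUTH_USERNAME` is missing; the second message should read `environment variable AUTH_PASSWORD is missing.`. Both lookups also accept a variable that is set but empty, because `""` is truthy on the left of `||`, which would configure Basic auth with an empty username or password; rejecting `""` as well as `nil` before the `config :dps, :basic_auth` line closes that. The `if config_env() == :prod do` block starts above the hunk.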

35
lib/dps_web/channels/user_socket.ex

@ -1,35 +0,0 @@
defmodule DpsWeb.UserSocket do
use Phoenix.Socket
## Channels
# channel "room:*", DpsWeb.RoomChannel
# Socket params are passed from the client and can
# be used to verify and authenticate a user. After
# verification, you can put default assigns into
# the socket that will be set for all channels, ie
#
# {:ok, assign(socket, :user_id, verified_user_id)}
#
# To deny connection, return `:error`.
#
# See `Phoenix.Token` documentation for examples in
# performing token verification on connect.
@impl true
def connect(_params, socket, _connect_info) do
{:ok, socket}
end
# Socket id's are topics that allow you to identify all sockets for a given user:
#
# def id(socket), do: "user_socket:#{socket.assigns.user_id}"
#
# Would allow you to broadcast a "disconnect" event and terminate
# all active sockets and channels for a given user:
#
# DpsWeb.Endpoint.broadcast("user_socket:#{user.id}", "disconnect", %{})
#
# Returning `nil` makes this socket anonymous.
@impl true
def id(_socket), do: nil
end

3
lib/dps_web/controllers/page_controller.ex

@ -19,8 +19,7 @@ defmodule DpsWeb.PageController do
def poems(conn, _params) do
poems = Poem.Query.get_all_poems()
conn
|> render("poems.html", poems: poems)
render(conn, "poems.html", poems: poems)
end
def poem(conn, %{"id" => id}) do

5
lib/dps_web/endpoint.ex

@ -10,10 +10,7 @@ defmodule DpsWeb.Endpoint do
signing_salt: "+Y8zQVWZ"
]
socket "/socket", DpsWeb.UserSocket,
websocket: true,
longpoll: false
# Used for the Dashboard
socket "/live", Phoenix.LiveView.Socket, websocket: [connect_info: [session: @session_options]]
# Serve at "/" the static files from "priv/static" directory.

39
lib/dps_web/router.ex

@ -1,5 +1,6 @@
defmodule DpsWeb.Router do
use DpsWeb, :router
import Phoenix.LiveDashboard.Router
pipeline :browser do
plug :accepts, ["html"]
@ -13,18 +14,11 @@ defmodule DpsWeb.Router do
plug :accepts, ["json"]
end
pipeline :api_auth do
plug :accepts, ["json"]
plug :auth
end
defp auth(conn, _opts) do
username = System.fetch_env!("AUTH_USERNAME")
password = System.fetch_env!("AUTH_PASSWORD")
Plug.BasicAuth.basic_auth(conn, username: username, password: password)
Plug.BasicAuth.basic_auth(conn, Application.fetch_env!(:dps, :basic_auth))
end
# The website
# Browser pages
scope "/", DpsWeb do
pipe_through :browser
@ -36,6 +30,14 @@ defmodule DpsWeb.Router do
get "/authors/:id", PageController, :author
end
# Authenticated Browser pages
scope "/" do
pipe_through :browser
pipe_through :auth
live_dashboard "/dashboard", metrics: DpsWeb.Telemetry, ecto_repos: [Dps.Repo]
end
# Public api
scope "/api", DpsWeb do
pipe_through :api
@ -49,25 +51,10 @@ defmodule DpsWeb.Router do
# Authenticated api
scope "/api", DpsWeb do
pipe_through :api_auth
pipe_through :api
pipe_through :auth
post "/authors", AuthorController, :create
post "/poems", PoemController, :create
end
# Enables LiveDashboard only for development
#
# If you want to use the LiveDashboard in production, you should put
# it behind authentication and allow only admins to access it.
# If your application does not have an admins-only section yet,
# you can use Plug.BasicAuth to set up some basic authentication
# as long as you are also using SSL (which you should anyway).
if Mix.env() in [:dev, :test] do
import Phoenix.LiveDashboard.Router
scope "/" do
pipe_through :browser
live_dashboard "/dashboard", metrics: DpsWeb.Telemetry, ecto_repos: [Dps.Repo]
end
end
end
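Review bot: The `live_dashboard "/dashboard"` scope is no longer wrapped in `if Mix.env() in [:dev, :test]`, so the dashboard and its `ecto_repos` pages are now routed in production, and the removed comment that tied Basic auth to SSL has no replacement. Nothing in the visible hunks enforces HTTPS, and Basic auth sends the credential with every request, so it is worth confirming that the endpoint forces TLS in prod (not shown here) and keeping the condition next to the scope, e.g. `# Routed in every environment, prod included; only safe behind HTTPS because Basic auth credentials accompany each request`. The same single shared credential also guards `post "/authors"` and `post "/poems"`, so anyone given dashboard access can write through the API; a separate credential for the dashboard would keep the two apart if that is not intended.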
