Added basic auth

2 years ago · 5c9c08a82f
7 changed files with 38 additions and 68 deletions
--- a/.gitignore
+++ b/.gitignore
@ -28,4 +28,8 @@ dps-*.tar
 # /priv/static/

 # The language server temp files
-/.elixir_ls/
+/.elixir_ls/
+
+# Jetbrains ide files
+/.idea/
+*.impl
--- a/config/dev.exs
+++ b/config/dev.exs
@ -41,3 +41,5 @@ config :phoenix, :stacktrace_depth, 20

 # Initialize plugs at runtime for faster development compilation
 config :phoenix, :plug_init_mode, :runtime
+
+config :dps, :basic_auth, username: "user", password: "secret"
--- a/config/runtime.exs
+++ b/config/runtime.exs
@ -32,4 +32,20 @@ if config_env() == :prod do
    secret_key_base: secret_key_base

  config :dps, DpsWeb.Endpoint, server: true
+
+  auth_user =
+    System.get_env("AUTH_USERNAME") ||
+      raise """
+      environment variable AUTH_USERNAME is missing.
+      This is used for authenticating admin routes.
+      """
+
+  auth_pass =
+    System.get_env("AUTH_PASSWORD") ||
+      raise """
+      environment variable AUTH_USERNAME is missing.
+      This is used for authenticating admin routes.
+      """
+
+  config :dps, :basic_auth, username: auth_user, password: auth_pass
 end
--- a/lib/dps_web/channels/user_socket.ex
+++ b/lib/dps_web/channels/user_socket.ex
@ -1,35 +0,0 @@
-defmodule DpsWeb.UserSocket do
-  use Phoenix.Socket
-
-  ## Channels
-  # channel "room:*", DpsWeb.RoomChannel
-
-  # Socket params are passed from the client and can
-  # be used to verify and authenticate a user. After
-  # verification, you can put default assigns into
-  # the socket that will be set for all channels, ie
-  #
-  #     {:ok, assign(socket, :user_id, verified_user_id)}
-  #
-  # To deny connection, return `:error`.
-  #
-  # See `Phoenix.Token` documentation for examples in
-  # performing token verification on connect.
-  @impl true
-  def connect(_params, socket, _connect_info) do
-    {:ok, socket}
-  end
-
-  # Socket id's are topics that allow you to identify all sockets for a given user:
-  #
-  #     def id(socket), do: "user_socket:#{socket.assigns.user_id}"
-  #
-  # Would allow you to broadcast a "disconnect" event and terminate
-  # all active sockets and channels for a given user:
-  #
-  #     DpsWeb.Endpoint.broadcast("user_socket:#{user.id}", "disconnect", %{})
-  #
-  # Returning `nil` makes this socket anonymous.
-  @impl true
-  def id(_socket), do: nil
-end
--- a/lib/dps_web/controllers/page_controller.ex
+++ b/lib/dps_web/controllers/page_controller.ex
@ -19,8 +19,7 @@ defmodule DpsWeb.PageController do
  def poems(conn, _params) do
    poems = Poem.Query.get_all_poems()

-    conn
-    |> render("poems.html", poems: poems)
+    render(conn, "poems.html", poems: poems)
  end

  def poem(conn, %{"id" => id}) do
--- a/lib/dps_web/endpoint.ex
+++ b/lib/dps_web/endpoint.ex
@ -10,10 +10,7 @@ defmodule DpsWeb.Endpoint do
    signing_salt: "+Y8zQVWZ"
  ]

-  socket "/socket", DpsWeb.UserSocket,
-    websocket: true,
-    longpoll: false
-
+  # Used for the Dashboard
  socket "/live", Phoenix.LiveView.Socket, websocket: [connect_info: [session: @session_options]]

  # Serve at "/" the static files from "priv/static" directory.
--- a/lib/dps_web/router.ex
+++ b/lib/dps_web/router.ex
@ -1,5 +1,6 @@
 defmodule DpsWeb.Router do
  use DpsWeb, :router
+  import Phoenix.LiveDashboard.Router

  pipeline :browser do
    plug :accepts, ["html"]
@ -13,18 +14,11 @@ defmodule DpsWeb.Router do
    plug :accepts, ["json"]
  end

-  pipeline :api_auth do
-    plug :accepts, ["json"]
-    plug :auth
-  end
-
  defp auth(conn, _opts) do
-    username = System.fetch_env!("AUTH_USERNAME")
-    password = System.fetch_env!("AUTH_PASSWORD")
-    Plug.BasicAuth.basic_auth(conn, username: username, password: password)
+    Plug.BasicAuth.basic_auth(conn, Application.fetch_env!(:dps, :basic_auth))
  end

-  # The website
+  # Browser pages
  scope "/", DpsWeb do
    pipe_through :browser

@ -36,6 +30,14 @@ defmodule DpsWeb.Router do
    get "/authors/:id", PageController, :author
  end

+  # Authenticated Browser pages
+  scope "/" do
+    pipe_through :browser
+    pipe_through :auth
+
+    live_dashboard "/dashboard", metrics: DpsWeb.Telemetry, ecto_repos: [Dps.Repo]
+  end
+
  # Public api
  scope "/api", DpsWeb do
    pipe_through :api
@ -49,25 +51,10 @@ defmodule DpsWeb.Router do

  # Authenticated api
  scope "/api", DpsWeb do
-    pipe_through :api_auth
+    pipe_through :api
+    pipe_through :auth

    post "/authors", AuthorController, :create
    post "/poems", PoemController, :create
  end
-
-  # Enables LiveDashboard only for development
-  #
-  # If you want to use the LiveDashboard in production, you should put
-  # it behind authentication and allow only admins to access it.
-  # If your application does not have an admins-only section yet,
-  # you can use Plug.BasicAuth to set up some basic authentication
-  # as long as you are also using SSL (which you should anyway).
-  if Mix.env() in [:dev, :test] do
-    import Phoenix.LiveDashboard.Router
-
-    scope "/" do
-      pipe_through :browser
-      live_dashboard "/dashboard", metrics: DpsWeb.Telemetry, ecto_repos: [Dps.Repo]
-    end
-  end
 end