package ocsigenserver

  1. Overview
  2. Docs
A full-featured and extensible Web server

Install

Dune Dependency

ocsigen.org Readme Edit opam file Versions (16)

Authors

  1. D
    dev@ocsigen.org

Maintainers

  1. D
    dev@ocsigen.org

Sources

6.0.0.tar.gz
md5=001e22ec2da3ab08840f934a8f005859
sha512=59f36fdf0a640117aa562d1d9ef96b7146843d9b72d71d01366640521405550074e03267fb388c5e685542781fc4bce763818a36cf05c0e033fae5e51c2f1496

doc/authbasic/Authbasic/index.html

Module AuthbasicSource

Authbasic: Basic HTTP authentication

If you want to use this extension with Ocsigen Server's configuration file, have a look at the <<a_manual chapter="authbasic"|manual page>>. If you are using Ocsigen Server as a library, use the interface described here. Each of these functions behaves exactly as its configuration file counterpart.

This module belongs to ocamlfind package ocsigenserver.ext.authbasic.

Example of use:

let _ =
   Ocsigen_server.start
     [ Ocsigen_server.host ~regexp:".*"
       [ Authbasic.run ~realm:"test"
            ~auth:(fun u p -> Lwt.return (u = "theuser" && p = "thepassword"))
            () 
       ; Staticmod.run ~dir:"static" () ]]

This module implements Basic HTTP Authentication as described in RFC 2617. It can be used to add an authentication layer to sites with no built-in authentication (e.g. static files). Beware, passwords are transmitted in cleartext with this scheme, so the medium should be secured somehow (by e.g. SSL).

This module implements only the HTTP-related part of the protocol, and is meant to be extended with various authentication schemes. A very naive one (authentication with a single user/password, given in the configuration file) is provided.

Sourceval section : Lwt_log_core.section

use Lwt_log.Section.set_level in order to set the log level

Sourcetype auth = string -> string -> bool Lwt.t
Sourceval register_basic_authentication_method : (Xml.xml -> auth) -> unit

This function registers an authentication plugin: it adds a new parser to the list of available authentication schemes.

This is only applied if you are running the server with an XML configuration file. Use the realm, auth variables otherwise.

A parser takes as argument an XML tree (corresponding to the first son of an <authbasic> element in the configuration file) and returns an authentication function f. f will be called for each request with the supplied user and password and should return (cooperatively) a boolean telling whether access is granted or not. Exceptions are handled the same way as for extension parsers.

The <authbasic> element must have a realm attribute, giving some identifier to the resource which is protected (several resources on the same hostname can share the same realm). This gives a general customization scheme "for free" from the point of view of plugin developers and is totally transparent to the plugin.

Sourceval run : realm:string -> auth:auth -> unit -> Ocsigen_server.instruction

run ~realm ~auth () makes it possible to use this extension without configuration file.

OCaml

Innovation. Community. Security.

GitHub Discord Twitter Peertube RSS
About
Changelog Releases Industrial Users Academic Users Why OCaml
Ecosystem
Packages Community Events OCaml Planet Jobs
Resources
Install OCaml Get Started Platform Tools Language Manual Standard Library API Books Exercises Papers OCaml Playground Logo
Policies
Carbon Footprint Governance Privacy Code of Conduct