耶索德 - 密码保护暂存网站 [英] yesod -- password protecting staging site

问题描述

我试图建立我耶索德Webserver的分期实例，我想知道是否有一些简单的方法来保护整个网站的密码。具体来说，我希望能够以提示那些谁浏览到我的网站的凭据。他们进行身份验证后，它应该典型的现场工作。但是，如果他们无法验证自己的身份，他们应该什么也看不见。

I'm trying to set up a staging instance of my yesod webserver, and I was wondering if there were some easy way to make the entire site password protected. Specifically, I want to be able to prompt those who navigate to my site for credentials. After they authenticate it should function as the typical site. But if they cannot authenticate themselves they should see nothing.

推荐答案

要扩大@ MichaelSnoyman的回答，这里就是我实现了WAI HTTP认证中间件：

To expand on @MichaelSnoyman's answer, here's how I implemented the WAI HTTP Auth middleware:

从脚手架网站，我去了 Application.hs ，里面有像这样已经建立的一些日志记录中间件：

From the scaffolded site, I went to Application.hs, which has already setup some logging middleware like so:

makeApplication :: AppConfig DefaultEnv Extra -> IO Application
makeApplication conf = do
    foundation <- makeFoundation conf

    -- Initialize the logging middleware
    logWare <- mkRequestLogger def
        { outputFormat =
            if development
                then Detailed True
                else Apache FromSocket
        , destination = RequestLogger.Logger $ loggerSet $ appLogger foundation
        }

    -- Create the WAI application and apply middlewares
    app <- toWaiAppPlain foundation
    return $ logWare app

要添加HTTP认证，我引用的WAI 和<一的耶索德本书的章href=\"http://hackage.haskell.org/package/wai-extra-3.0.1/docs/Network-Wai-Middleware-HttpAuth.html\">HttpAuth文档迈克尔引用。该文档提出这一点为使用HttpAuth中间件的一个例子：

To add HTTP auth, I referenced the Yesod book's chapter on WAI and the HttpAuth docs that Michael referenced. The docs give this as an example of using the HttpAuth middleware:

basicAuth (\u p -> return $ u == "michael" && p == "mypass") "My Realm"

我可以只粘贴在右下角应用日志中间件之后：

I was able to just paste that at the bottom right after the logging middleware is applied:

import qualified Network.Wai.Middleware.HttpAuth as HttpAuth

makeApplication :: AppConfig DefaultEnv Extra -> IO Application
makeApplication conf = do
    foundation <- makeFoundation conf

    -- Initialize the logging middleware
    logWare <- mkRequestLogger def
        { outputFormat =
            if development
                then Detailed True
                else Apache FromSocket
        , destination = RequestLogger.Logger $ loggerSet $ appLogger foundation
        }

    -- Create the WAI application and apply middlewares
    app <- toWaiAppPlain foundation
    return $ logWare $ HttpAuth.basicAuth (\u p -> return $ u == "michael" && p == "mypass") "My Realm" $ app

下面就是看起来像在Safari中：

Here's what that looks like in Safari:

该种类的认证是不是真的适合普通用户，但它的伟大的锁定意味着供内部使用的网站。它也为机器（监视服务器，脚本）一个简单的方法将自己与你的服务器进行身份验证。

This kind of authentication isn't really appropriate for regular users, but its great for locking down a site meant for internal use. Its also an easy way for machines (monitoring servers, scripts) to authenticate themselves with your server.

这篇关于耶索德 - 密码保护暂存网站的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！