yesod - 密码保护登台网站
use*_*407 4 authentication passwords haskell yesod
我正在尝试设置我的yesod网络服务器的暂存实例,我想知道是否有一些简单的方法可以保护整个网站的密码.具体来说,我希望能够提示导航到我的网站的人获取凭据.在进行身份验证后,它应该作为典型的站点.但如果他们无法证明自己,他们应该什么也看不见.
为了扩展@ MichaelSnoyman的答案,以下是我实现WAI HTTP Auth中间件的方法:
从脚手架网站,我去了Application.hs,已经设置了一些日志中间件,如下所示:
makeApplication :: AppConfig DefaultEnv Extra -> IO Application
makeApplication conf = do
foundation <- makeFoundation conf
-- Initialize the logging middleware
logWare <- mkRequestLogger def
{ outputFormat =
if development
then Detailed True
else Apache FromSocket
, destination = RequestLogger.Logger $ loggerSet $ appLogger foundation
}
-- Create the WAI application and apply middlewares
app <- toWaiAppPlain foundation
return $ logWare app
为了添加HTTP身份验证,我引用了Yesod书中关于WAI的章节以及Michael引用的HttpAuth文档.文档将此作为使用HttpAuth中间件的示例:
basicAuth (\u p -> return $ u == "michael" && p == "mypass") "My Realm"
我可以在应用日志记录中间件后将其粘贴到右下角:
import qualified Network.Wai.Middleware.HttpAuth as HttpAuth
makeApplication :: AppConfig DefaultEnv Extra -> IO Application
makeApplication conf = do
foundation <- makeFoundation conf
-- Initialize the logging middleware
logWare <- mkRequestLogger def
{ outputFormat =
if development
then Detailed True
else Apache FromSocket
, destination = RequestLogger.Logger $ loggerSet $ appLogger foundation
}
-- Create the WAI application and apply middlewares
app <- toWaiAppPlain foundation
return $ logWare $ HttpAuth.basicAuth (\u p -> return $ u == "michael" && p == "mypass") "My Realm" $ app
这是Safari中的样子:
这种身份验证并不适合普通用户,但它非常适合锁定一个供内部使用的网站.它也是机器(监视服务器,脚本)通过服务器进行身份验证的简便方法.