{ "info": { "author": "Wolfgang Schnerring ", "author_email": "wosc@wosc.de", "bugtrack_url": null, "classifiers": [ "License :: OSI Approved :: Zope Public License", "Programming Language :: Python", "Programming Language :: Python :: 2", "Programming Language :: Python :: 2.7", "Programming Language :: Python :: 3", "Programming Language :: Python :: 3.4", "Programming Language :: Python :: 3.5", "Programming Language :: Python :: 3.6", "Programming Language :: Python :: Implementation :: CPython" ], "description": "=============================================\nnginx basic authentication against a database\n=============================================\n\nThis packages answers an `nginx auth subrequest`_ by looking up the\nuser/password in a database (mysql, postgresql, whatever `sqlalchemy`_\nsupports).\n\n.. _`nginx auth subrequest`: https://nginx.org/en/docs/http/ngx_http_auth_request_module.html\n.. _`sqlalchemy`: http://www.sqlalchemy.org/\n\n\nUsage\n=====\n\nConfigure database access\n-------------------------\n\nYou'll need to provide the DSN and the query using a configuration file::\n\n [default]\n dsn = postgresql://localhost/myusers\n query = SELECT password FROM users WHERE username = :username AND password = :password AND role = :x_required_role\n password_hash = bcrypt\n\nSee the `sqlalchemy documentation`_ for supported DSNs. Note that you have to\ninstall the respective driver python package (``mysql-python``, ``psycopg2``,\netc.) yourself.\n\n.. _`sqlalchemy documentation`: http://docs.sqlalchemy.org/en/latest/core/engines.html#database-urls\n\nThe query gets passed as SQL parameters the basic auth ``username`` and\n``password`` as well as any request headers (lowercase, and ``-`` replaced\nwith ``_``). (If that is not flexible enough for your usecase, you'll have to\nrun separate instances with specialized queries, for the time being).\n\nThe query must return the hashed password of the user. Since for simple cases\nyou might get away with using the SQL functions provided by your database to\nhash the password (e.g. mysql ``WHERE password=encrypt(:password, password)``),\nbut you can also specify any hash supported by `passlib`_ as the\n``password_hash`` to perform the comparison in Python (that's why we need the\nstored password hash from the database). You need to ``pip install passlib``\nto use this feature.\n\n.. _`passlib`: https://passlib.readthedocs.io/en/stable/narr/quickstart.html\n\n\nSet up HTTP service\n-------------------\n\nThen you need to set up an HTTP server, either with a dedicated process::\n\n $ nginx-db-auth-serve --host localhost --port 8899 --config /path/to/config\n\nor as a CGI script, if you have infrastructure for that set up anyway.\nHere's an example apache configuration snippet to do this::\n\n ScriptAlias /nginx-auth /path/to/nginxdbauth/nginx-db-auth-cgi\n \n SetEnv NGINXDBAUTH_CONFIG /path/to/config\n CGIPassAuth On # apache >= 2.4.13\n # SetEnv NGINXDBAUTH_LOGFILE /path/to/log # optional, for debugging\n \n\n\nConfigure nginx\n---------------\n\nNow you can set up a protected nginx location like this::\n\n location /private/ {\n auth_request /auth;\n # ... define rest of location ...\n }\n\n location = /auth {\n proxy_pass http://localhost:8899; # or http://mycgi/nginx-auth\n proxy_pass_request_body off;\n proxy_set_header Content-Length \"\";\n proxy_set_header X-Required-Role \"superuser\";\n proxy_set_header WWW-Authenticate \"my realm\";\n }\n\nThe ``WWW-Authenticate`` header sent by nginx will simply be echoed back on 401\nrequests (since as far as I can tell, nginx does not provide another way to set the realm string in the ``auth_request`` case).\n\n\nCHANGES\n=======\n\n1.0.2 (2018-03-28)\n------------------\n\n- Echo back the WWW-Authenticate header for 401 responses.\n\n\n1.0.1 (2018-03-28)\n------------------\n\n- Enable logging errors to a file for debugging the CGI script.\n\n\n1.0.0 (2018-03-27)\n------------------\n\n- First release.", "description_content_type": "", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/wosc/nginx-db-auth", "keywords": "", "license": "ZPL 2.1", "maintainer": "", "maintainer_email": "", "name": "ws.nginxdbauth", "package_url": "https://pypi.org/project/ws.nginxdbauth/", "platform": "", "project_url": "https://pypi.org/project/ws.nginxdbauth/", "project_urls": { "Homepage": "https://github.com/wosc/nginx-db-auth" }, "release_url": "https://pypi.org/project/ws.nginxdbauth/1.0.2/", "requires_dist": null, "requires_python": "", "summary": "Authenticate an nginx request against an SQL database", "version": "1.0.2" }, "last_serial": 3714115, "releases": { "1.0.0": [ { "comment_text": "", "digests": { "md5": "3f41060bb7e41f6766dd35c0058817b5", "sha256": "07ba72f50069d1144f41cb55d0ffc339b3e78555e93468696d6660cd80ecc664" }, "downloads": -1, "filename": "ws.nginxdbauth-1.0.0.tar.gz", "has_sig": false, "md5_digest": "3f41060bb7e41f6766dd35c0058817b5", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 5371, "upload_time": "2018-03-27T19:20:37", "url": "https://files.pythonhosted.org/packages/ca/3e/89a8c4051a1d6a001df2ef5496796eb2aea6b56522f9e4f63160569e101e/ws.nginxdbauth-1.0.0.tar.gz" } ], "1.0.1": [ { "comment_text": "", "digests": { "md5": "15e94bbb3418ccf90d36435ae45447d2", "sha256": "e18220a665544d6ffa7bc130dafe52f2e97299776f4a140d66d75027d9879c91" }, "downloads": -1, "filename": "ws.nginxdbauth-1.0.1.tar.gz", "has_sig": false, "md5_digest": "15e94bbb3418ccf90d36435ae45447d2", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 5630, "upload_time": "2018-03-28T14:52:57", "url": "https://files.pythonhosted.org/packages/18/79/1840e358c157cf3d26a532f585308d96f07a9dd96557ab3657b56dbea629/ws.nginxdbauth-1.0.1.tar.gz" } ], "1.0.2": [ { "comment_text": "", "digests": { "md5": "d8be47badc805bef20ea11cecd356736", "sha256": "696df85f9ee200b1e76713c35401875a2af7f47199efc24b090f0234b77d80dc" }, "downloads": -1, "filename": "ws.nginxdbauth-1.0.2.tar.gz", "has_sig": false, "md5_digest": "d8be47badc805bef20ea11cecd356736", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 5932, "upload_time": "2018-03-28T15:10:17", "url": "https://files.pythonhosted.org/packages/c7/1d/2b762e200146897654ca1f6c56ca8a0b011137665346aecaa4aafae54fdd/ws.nginxdbauth-1.0.2.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "d8be47badc805bef20ea11cecd356736", "sha256": "696df85f9ee200b1e76713c35401875a2af7f47199efc24b090f0234b77d80dc" }, "downloads": -1, "filename": "ws.nginxdbauth-1.0.2.tar.gz", "has_sig": false, "md5_digest": "d8be47badc805bef20ea11cecd356736", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 5932, "upload_time": "2018-03-28T15:10:17", "url": "https://files.pythonhosted.org/packages/c7/1d/2b762e200146897654ca1f6c56ca8a0b011137665346aecaa4aafae54fdd/ws.nginxdbauth-1.0.2.tar.gz" } ] }