Beast: Basic Authentication example

Created on 13 Oct 2019 · 20 Comments · Source: boostorg/beast

I understand boost::beast does not offer high-level API to increase likelihood of standardisation in future. And I wonder whether the community produced wrappers around boost::beast for mundane tasks.

I apologise in advance if this does not belong to a github issue, please close it in that case.

Example Feature

All 20 comments

What high-level APIs did you have in mind?

Something along the lines of Python requests for example.

I understand that such a higher-level API is not in the business to belong to boost::beast, this issue is more for double checking whether any other independent developer made an effort in building something similar. On github I cannot seem to find any.

> Something along the lines of Python requests for example.

Yeah that would be nice!

Nice!! Consider adding your project to this page?

https://github.com/boostorg/beast/wiki/Companies-and-Individuals-Using-Beast

Thank you @gocarlos

I hope that this thread will receive some few more entries!

Working on it: https://github.com/vinniefalco/url

What is the plan? First, you design and implement a facility which can represent a URL. Second, you plug some high-level API inside beast taking the aforementioned representation?

Is my understanding correct?

> What is the plan?

Yes, the general idea is to work in layers. Asio is the bottom layer, the networking. Then we have Beast which implements low level HTTP and WebSocket. If we want to have a high-level HTTP client like Python Requests (which I think is a good goal!) then we need some other components:

  • URL Library
  • Library to get proxy configuration from the OS
  • SSL certificate verification lib
  • Refactored ZLib (to handle gzip and deflate Transfer-Encoding)
  • Basic Authentication module
  • Cookies module
  • OAuth2 library
  • "Secure" socket (i.e. a high-level boost::asio::ssl::stream)

And probably we will need a couple of other things along the way. I am figuring out how to get all of this going. If anyone wants to volunteer, I'm more than happy to have their help!

I am willing to contribute to this project. I am new to open source contribution but I am willing to put in time and effort to make this happen. Please provide some guideline on getting started. Thanks!

Any idea what Basic Authentication might look like? Or cookies?

I have an understanding of how basic authentication and cookies work, but I am not sure how the design and implementation will work yet. Do I have to turn in a proposal with the design and implementation details to move forward? Thanks!

Well, what I like to do is make a prototype of what the library would look like if it was used. Where I have some interfaces, but no implementation, and then make a list of what use-cases I want to support. Then for each use-case I make a proposed syntax with sample code that shows what the syntax is like. Here's an example of that design process:
https://github.com/boostorg/beast/issues/154

basic_authentication_header can be used for constructing the basic authentication header from the provided username and password. encoded_header() returns the header after base64 encoding the username and password.

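    #include <string>

    // Client side: builds the basic authentication header.
    class basic_authentication_header
    {
    private:
        std::string header_before_encoding;
        std::string header_after_encoding;
    public:
        basic_authentication_header(std::string username, std::string password);
        void encode_header();          // base64 encodes the username and password
        std::string encoded_header();  // returns the header after encoding
    };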

basic_authentication handles the authentication on server side. The path of the file containing the username and password is initialized from the constructor, and later the authenticate function compares the username and password from the header file with the username and password in the files, and determines the validity of the requestor.

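    #include <string>

    // Server side: validates a basic authentication header against a credentials file.
    class basic_authentication
    {
    private:
        std::string username_passwd_file_path;

    public:
        basic_authentication(std::string username_passwd_file_path);
        bool authenticate(std::string header);  // true if the header's credentials are valid
    };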

Above is the prototype and a brief description of the functions. Please recommend required modifications. Is this the right way to approach the design process? Thank you!

There's a file? (Yes, this is a good design approach)

I was thinking of a file which stores the username and password list like a .htpasswd file, which can be referred to while validating the basic authentication request.

I think having the file is a bit _too_ high level, we need something in between first. Maybe the API can have the caller supply an invocable object that performs the check for the credentials? And the example can have something that uses .htaccess (but this example code won't be an official, public API)
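One way the caller-supplied credential check suggested above could look on the server side, written in standard C++ only. This is an added example, not code from the thread or from Beast; `credential_check`, `b64_decode`, `authenticate`, `ct_equal` and `demo_check` are hypothetical names, and the sample check uses the test:test pair that appears later in the thread.

```cpp
#include <cctype>
#include <functional>
#include <string>

// Caller-supplied credential check (hypothetical name, not a Beast API).
using credential_check = std::function<bool(const std::string&, const std::string&)>;

// Decode standard base64 into out; returns false on malformed input.
bool b64_decode(const std::string& in, std::string& out) {
    static const std::string tbl =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    if (in.empty() || in.size() % 4 != 0) return false;
    std::size_t n = in.size() - (in.back() == '=') - (in[in.size() - 2] == '=');
    unsigned acc = 0, bits = 0;
    for (std::size_t i = 0; i < n; ++i) {
        std::size_t pos = tbl.find(in[i]);
        if (pos == std::string::npos) return false;  // '=' or junk inside the data
        acc = (acc << 6) | static_cast<unsigned>(pos);
        if ((bits += 6) < 8) continue;
        bits -= 8;
        out.push_back(static_cast<char>((acc >> bits) & 0xFF));
    }
    return true;
}

// Parse "Basic <base64(user:pass)>" and pass the pair to the caller's check.
bool authenticate(const std::string& header, const credential_check& check) {
    const std::string scheme = "basic ";  // scheme name is case-insensitive
    if (header.size() <= scheme.size()) return false;
    for (std::size_t i = 0; i < scheme.size(); ++i)
        if (std::tolower(static_cast<unsigned char>(header[i])) != scheme[i]) return false;
    std::string decoded;
    if (!b64_decode(header.substr(scheme.size()), decoded)) return false;
    std::size_t colon = decoded.find(':');  // first colon: a password may contain ':'
    if (colon == std::string::npos) return false;
    return check(decoded.substr(0, colon), decoded.substr(colon + 1));
}

// Compare with no early exit on the first differing byte.
bool ct_equal(const std::string& a, const std::string& b) {
    unsigned char diff = a.size() == b.size() ? 0 : 1;
    for (std::size_t i = 0; i < a.size() && i < b.size(); ++i)
        diff |= static_cast<unsigned char>(a[i] ^ b[i]);
    return diff == 0;
}

// Constructed sample check (test:test); both comparisons always run.
bool demo_check(const std::string& user, const std::string& pass) {
    return ct_equal(user, "test") + ct_equal(pass, "test") == 2;
}
```

A file-backed lookup such as the .htpasswd idea would be one more callable passed as `check`, leaving the parsing untouched.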

[Image: basic_auth]

I took the above image from https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication website

As I was reading more about the basic authentication and through boost::beast::message and boost::beast::field library, I got more confused about implementing the basic authentication module. Initially I was thinking of a library that would help the users create the basic authentication header with username and password on the client side, and a function which would allow users to validate the basic authentication request on server side. Since the beast::message library allows the functionality to develop the basic authentication header for the user, I felt like I was going in the wrong direction. Could you please give some suggestion about what we are trying to accomplish with the basic authentication module? Thanks in advance!

Maybe first just write a simple example client program that does basic authentication against some well known server?

For the server, I did an apache2 server setup on SUSE Linux Enterprise server running on AWS ec2 instance. I have setup two targets one with basic authentication enabled, and the other without the basic authentication.

Link for the target without basic authentication: 52.15.155.121/index.html

Link for the target with the basic authentication: 52.15.155.121/basic_auth_test/index.html

The credentials for logging into the link with basic_auth_test are provided below:

username: test
Password: test

I verified from a web browser that the basic authentication mechanism is setup and working properly on the server.

For the client, I wrote the basic_auth_client by referring to the libs/beast/example/http/client/sync/http_client_sync.cpp example provided in boost::beast documentation. The client is able to fetch the request and recognize whether the response has basic authentication or not. After recognizing that the server requires authorization, the client updates the authorization field of the request header with the required value which in our case is "Basic test:test", after base64 encoding turns out to be "Basic dGVzdDp0ZXN0". The server checks the header and verifies the request and responds with the required document.

The link for the project is listed below:
https://github.com/swornim1/test_server.git
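The client-side step described above (see a 401, then retry with an Authorization value) reduced to standard C++. This is an added example, not code from the linked repository or from Beast; `b64_encode`, `offers_basic` and `authorization_for_retry` are hypothetical names, and wiring them to Beast's request and response objects is left as an assumption in the comments.

```cpp
#include <cctype>
#include <string>

// Standard base64 (RFC 4648) with '=' padding.
std::string b64_encode(const std::string& in) {
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    std::string out;
    unsigned acc = 0;
    int bits = 0;
    for (unsigned char c : in) {
        acc = (acc << 8) | c;
        bits += 8;
        while (bits >= 6) {
            bits -= 6;
            out.push_back(tbl[(acc >> bits) & 0x3F]);
        }
    }
    if (bits > 0) out.push_back(tbl[(acc << (6 - bits)) & 0x3F]);
    while (out.size() % 4 != 0) out.push_back('=');
    return out;
}

// True if the WWW-Authenticate value starts with the Basic scheme.
// Simplification: only the first challenge in the header value is inspected.
bool offers_basic(const std::string& challenge) {
    const std::string scheme = "basic";
    if (challenge.size() < scheme.size()) return false;
    for (std::size_t i = 0; i < scheme.size(); ++i)
        if (std::tolower(static_cast<unsigned char>(challenge[i])) != scheme[i]) return false;
    return challenge.size() == scheme.size() || challenge[scheme.size()] == ' ';
}

// Returns the Authorization value for the retry, or "" when no retry should be sent.
// Assumed wiring with Beast: status from res.result_int(), challenge from
// res[http::field::www_authenticate], result into req.set(http::field::authorization, ...).
std::string authorization_for_retry(int status, const std::string& challenge,
                                    const std::string& user, const std::string& pass) {
    if (status != 401 || !offers_basic(challenge)) return "";
    if (user.find(':') != std::string::npos) return "";  // RFC 7617: no ':' in the user-id
    return "Basic " + b64_encode(user + ":" + pass);
}
```

The encoded value is reversible by anyone who can read the request, so the retry belongs on a TLS connection.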
