Yann Esposito (Yogsototh) b3c8160a55
bump version
2017-11-03 16:02:29 +01:00
doc Initial commit 2017-11-03 16:01:04 +01:00
src/ring_api_key_middleware Initial commit 2017-11-03 16:01:04 +01:00
test/ring_api_key_middleware Initial commit 2017-11-03 16:01:04 +01:00
.gitignore Initial commit 2017-11-03 16:01:04 +01:00
CHANGELOG.md Initial commit 2017-11-03 16:01:04 +01:00
LICENSE Initial commit 2017-11-03 16:01:04 +01:00
project.clj bump version 2017-11-03 16:02:29 +01:00
README.org Initial commit 2017-11-03 16:01:04 +01:00


ring-api-key-middleware

A simple Ring middleware that authenticates users with an API key.

Features

  • The function that checks the validity of an API key is not part of this middleware; you must provide it.

Usage

Middleware & options

Use wrap-api-key-auth-fn to create an instance of the middleware, then wrap your routes with it:

;; Caller-supplied check: returns the identity map for a known key,
;; or nil for an unknown one.
(defn get-auth-from-api-key [token]
  (when (= token "secret-api-key")
    {:user "user-01"
     :groups ["admin-id" "user-id"]
     :username "username"
     :group-names ["admin" "users"]
     :admin true
     :auth-type :api-key}))

;; `handler` is your existing Ring handler.
(def app
  (wrap-api-key-auth-fn handler get-auth-from-api-key))

When configured like this, all requests with the header:

Authorization: apiKey secret-api-key

are passed to the handler with a new key `:api-key-info` added to the request, containing:

{:user "user-01"
 :groups ["admin-id" "user-id"]
 :username "username"
 :group-names ["admin" "users"]
 :admin true}

If the request contains an Authorization header with an unknown `api-key`, it is rejected with a 403.

Authorization: apiKey unknown-api-key

If the request uses another authorization scheme, or has no Authorization header at all, for example:

Authorization: Bearer something-else

then the request is passed to the handler without any `api-key-info`. This allows other authentication middleware to be used alongside this one. Deciding what to do with authenticated or unauthenticated users is left to another middleware or to the app handler.
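Because requests with another scheme or no Authorization header reach the handler without `:api-key-info`, routes that must be authenticated need an explicit check downstream. The following is an added example, not code from this project: `wrap-require-api-key`, `wrap-require-admin`, `known-keys` and the digest-based lookup are hypothetical names and design choices, and the requests are constructed to look as they would after `wrap-api-key-auth-fn` has run.

```clojure
(ns example.api-key-enforcement
  (:import (java.nio.charset StandardCharsets)
           (java.security MessageDigest)))

(defn sha256 ^bytes [^String s]
  (.digest (MessageDigest/getInstance "SHA-256")
           (.getBytes s StandardCharsets/UTF_8)))

;; Constructed sample store: only digests of keys are kept, never raw keys.
(def known-keys
  [{:digest (sha256 "secret-api-key")
    :info   {:user "user-01" :groups ["admin-id" "user-id"] :admin true}}])

(defn get-auth-from-api-key
  "Key-check function to hand to wrap-api-key-auth-fn. Digests are compared
  with MessageDigest/isEqual, which is a constant-time byte comparison."
  [token]
  (let [candidate (sha256 (str token))]
    (some (fn [{:keys [digest info]}]
            (when (MessageDigest/isEqual digest candidate) info))
          known-keys)))

(defn wrap-require-api-key
  "Hypothetical downstream middleware: fail closed with 401 when the request
  arrives without :api-key-info (no header, or a non-apiKey scheme)."
  [handler]
  (fn [request]
    (if (:api-key-info request)
      (handler request)
      {:status 401 :headers {"Content-Type" "text/plain"} :body "API key required"})))

(defn wrap-require-admin
  "Hypothetical: authenticated callers without :admin true get 403."
  [handler]
  (fn [request]
    (if (true? (get-in request [:api-key-info :admin]))
      (handler request)
      {:status 403 :headers {"Content-Type" "text/plain"} :body "admin only"})))

;; wrap-require-api-key is outermost here, so it runs before the admin check.
(def admin-routes
  (-> (fn [_] {:status 200 :headers {} :body "ok"})
      wrap-require-admin
      wrap-require-api-key))

;; Constructed requests: unauthenticated, non-admin, and admin.
(def sample-statuses
  (mapv (comp :status admin-routes)
        [{:headers {"authorization" "Bearer something-else"}}
         {:api-key-info {:user "user-02" :admin false}}
         {:api-key-info (get-auth-from-api-key "secret-api-key")}]))
```

In an application, compose it as `(-> handler wrap-require-api-key (wrap-api-key-auth-fn get-auth-from-api-key))` so the API key middleware runs first and the enforcement check sees its result.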

License

Copyright © 2015-2017 Cisco Systems

Eclipse Public License v1.0