Basic access authentication.

drmats · Jan 23, 2014 · 1bd8473 · 1bd8473
1 parent 8a8ab05
commit 1bd8473
Show file tree

Hide file tree

Showing 2 changed files with 67 additions and 11 deletions.
diff --git a/README.md b/README.md
@@ -46,33 +46,49 @@ the latest version.
 
 * standalone:
 
-        python fup.py [-h] [--host HOST] [--no-js] [-v] [port]
+        $ python fup.py --help
+        usage: fup.py [-h] [--host HOST] [-a AUTH] [--no-js] [-v] [port]
+
+        Basic file upload WSGI application.
+
+        positional arguments:
+          port                  specify alternate port [default: 8000]
+
+        optional arguments:
+          -h, --help            show this help message and exit
+          --host HOST           specify host [default: 0.0.0.0]
+          -a AUTH, --auth AUTH  specify username:password that will be required from
+                                user agent [default: no authentication required]
+          --no-js               do not use JavaScript on client side
+          -v, --version         show program's version number and exit
+
+        More at: https://github.com/drmats/pyfup
 
 * with [werkzeug](http://werkzeug.pocoo.org/):
 
-        python -m werkzeug.serving [-b HOST:PORT] fup:app
+        $ python -m werkzeug.serving [-b HOST:PORT] fup:app
 
 * with [gunicorn](http://gunicorn.org/):
 
-        gunicorn [-b HOST] --access-logfile - fup:app
+        $ gunicorn [-b HOST] --access-logfile - fup:app
 
 * in order to be able to accept big files and avoid "worker timeouts" it is
 desirable to use asynchronous ([eventlet](http://eventlet.net/),
 [gevent](http://www.gevent.org/) or
 [tornado](http://www.tornadoweb.org/))
 [worker classes](http://docs.gunicorn.org/en/latest/settings.html#worker-processes):
 
-        gunicorn [-b HOST] -k eventlet --access-logfile - fup:app
-        gunicorn [-b HOST] -k gevent --access-logfile - fup:app
-        gunicorn [-b HOST] -k tornado fup:app
+        $ gunicorn [-b HOST] -k eventlet --access-logfile - fup:app
+        $ gunicorn [-b HOST] -k gevent --access-logfile - fup:app
+        $ gunicorn [-b HOST] -k tornado fup:app
 
 * with [Twisted Web](https://twistedmatrix.com/trac/wiki/TwistedWeb):
 
-        twistd -n web [--port PORT] --wsgi fup.app
+        $ twistd -n web [--port PORT] --wsgi fup.app
 
 * with [uWSGI](http://uwsgi-docs.readthedocs.org/en/latest/):
 
-        uwsgi --plugin python --http :[PORT] --wsgi-file fup.py --callable app
+        $ uwsgi --plugin python --http :[PORT] --wsgi-file fup.py --callable app
 
 
 

diff --git a/fup.py b/fup.py
@@ -505,14 +505,46 @@ def __init__ (self, config={}):
             "/m.js" : View.template("client_logic", "application/javascript"),
             "/upload" : View.upload
         }
-        self.config = {"no_js" : False}
+        self.config = {
+            "no_js" : False,
+            "auth" : "no"
+        }
         self.config.update(config)
 
 
+    def authorized (self, env):
+        """check if user agent authorized itself properly"""
+        try:
+            return (
+                self.config["auth"] == "no" or (
+                    "HTTP_AUTHORIZATION" in env and (
+                        env["HTTP_AUTHORIZATION"].startswith("Basic ") and (
+                            base64.b64decode(
+                                env["HTTP_AUTHORIZATION"].split(" ")[1]
+                            ) == utf8_encode(self.config["auth"])
+                        )
+                    )
+                )
+            )
+        except:
+            return False
+
+
     def dispatch (self, env):
         """Basic, url-based action dispatcher."""
         if env["PATH_INFO"] in self.urls:
-            return self.urls[env["PATH_INFO"]](env, self.config)
+            if self.authorized(env):
+                return self.urls[env["PATH_INFO"]](env, self.config)
+            else:
+                return (
+                    "401 Not Authorized", [
+                        ("Content-Type", "text/plain; charset=utf-8"),
+                        (
+                            "WWW-Authenticate",
+                            "Basic realm=\"pyfup v%s\"" % __version__
+                        )
+                    ], utf8_encode("Not Authorized")
+                )
         else:
             return (
                 "404 Not Found", [
@@ -561,7 +593,8 @@ def __init__ (self):
         self.server_process = Process(
             target=self.run_server,
             args=(args.host, args.port, {
-                "no_js" : args.no_js
+                "no_js" : args.no_js,
+                "auth" : args.auth
             })
         )
         self.server_process.start()
@@ -578,6 +611,13 @@ def parse_args (self):
             "--host", action="store", default="0.0.0.0", type=str,
             help="specify host [default: 0.0.0.0]"
         )
+        argparser.add_argument(
+            "-a", "--auth", action="store", default="no", type=str,
+            help=dedent("""\
+                specify username:password that will be required \
+                from user agent [default: no authentication required]"""
+            )
+        )
         argparser.add_argument(
             "--no-js", action="store_true", default=False,
             help="do not use JavaScript on client side"