
HTTPS and Basic Authentication with Erlang


David Wright

I have been googling and stackoverflowing for a few days now and have failed to find an example of how to use Erlang to handle\process a HTTPS request.

Can someone give me a URL for how to do it or some sample code?

-- 
David Gray Wright

_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions

Re: HTTPS and Basic Authentication with Erlang

Siraaj Khandkar-3
On 2/14/17 10:55 PM, David Wright wrote:
>
> I have been googling and stackoverflowing for a few days now and have
> failed to find an example of how to use Erlang to handle\process a HTTPS
> request.
>
> Can someone give me a URL for how to do it or some sample code?


https://github.com/ninenines/cowboy/tree/master/examples

Re: HTTPS and Basic Authentication with Erlang

David Wright
Interesting examples however they rely on cowboy, if I am correct.

I am after an Erlang only example or is using a framework (http server) like cowboy the only way?

On 15 February 2017 at 15:38, Siraaj Khandkar <[hidden email]> wrote:
> On 2/14/17 10:55 PM, David Wright wrote:
>>
>> I have been googling and stackoverflowing for a few days now and have
>> failed to find an example of how to use Erlang to handle\process a HTTPS
>> request.
>>
>> Can someone give me a URL for how to do it or some sample code?
>
> https://github.com/ninenines/cowboy/tree/master/examples
--
David Gray Wright


Re: HTTPS and Basic Authentication with Erlang

Kenneth Lakin
On 02/14/2017 09:00 PM, David Wright wrote:
> I am after an Erlang only example or is using a framework (http server)
> like cowboy the only way?

You can serve HTTP over SSL/TLS with erlang's httpd module:

Erlang/OTP 19 [erts-8.2] [source] [smp:2:2] [ds:2:2:10]
[async-threads:10] [hipe] [kernel-poll:true]

Eshell V8.2  (abort with ^G)
1> application:ensure_all_started(inets).
 {ok,[inets]}
2> inets:start(httpd, [{port, 8443}, {server_root, "."}, {server_name,
"localhost"}, {document_root, "."}, {socket_type, {essl, [{certfile,
"server.pem"}]}}]).
{ok,<0.77.0>}
3>

$ curl -k https://localhost:8443/index.html
<html>
  <body>
    hello
  </body>
</html>
$


See <http://erlang.org/doc/man/httpd.html> for more info. I don't know
about Basic Auth but the "Authentication Properties" section in the
documentation looks promising.




Re: HTTPS and Basic Authentication with Erlang

David Wright
I apologize for not wording my question appropriately.

With the previous example it will use https to serve documents found in the document_root. However I would like to write a restful API and decode the URL and obtain parameters for the API method. I was wanting an example of how this is done in erlang and not something like cowboy or Chicago Boss. I have read about tls and ssl but failed to find how to achieve what I need with https.

Namaste'
David Gray Wright

> On 15 Feb 2017, at 6:11 pm, Kenneth Lakin <[hidden email]> wrote:
>
>> On 02/14/2017 09:00 PM, David Wright wrote:
>> I am after an Erlang only example or is using a framework (http server)
>> like cowboy the only way?
>
> You can serve HTTP over SSL/TLS with erlang's httpd module:
>
> Erlang/OTP 19 [erts-8.2] [source] [smp:2:2] [ds:2:2:10]
> [async-threads:10] [hipe] [kernel-poll:true]
>
> Eshell V8.2  (abort with ^G)
> 1> application:ensure_all_started(inets).
> {ok,[inets]}
> 2> inets:start(httpd, [{port, 8443}, {server_root, "."}, {server_name,
> "localhost"}, {document_root, "."}, {socket_type, {essl, [{certfile,
> "server.pem"}]}}]).
> {ok,<0.77.0>}
> 3>
>
> $ curl -k https://localhost:8443/index.html
> <html>
>  <body>
>    hello
>  </body>
> </html>
> $
>
>
> See <http://erlang.org/doc/man/httpd.html> for more info. I don't know
> about Basic Auth but the "Authentication Properties" section in the
> documentation looks promising.
>
>

Re: HTTPS and Basic Authentication with Erlang

Alex S.

> On 15 Feb 2017, at 11:37, David Wright <[hidden email]> wrote:
>
> I apologize for not wording my question appropriately.
>
> With the previous example it will use https to serve documents found in the document_root. However I would like to write a restful API and decode the URL and obtain parameters for the API method. I was wanting an example of how this is done in erlang and not something like cowboy or Chicago Boss. I have read about tls and ssl but failed to find how to achieve what I need with https.
>
> Namaste'
> David Gray Wright

Why exactly don’t you want Cowboy? It’s pretty okay for building RESTful APIs.

Otherwise, you can look into SSL module and do the whole song and dance of HTTP protocol upgrade yourself.

Re: HTTPS and Basic Authentication with Erlang

Kenneth Lakin
In reply to this post by David Wright
On 02/15/2017 12:37 AM, David Wright wrote:
> However I would like to write a restful API and decode the URL and
> obtain parameters for the API method.

AFAIK, the "magic" of REST is behaving in a vaguely-standard way to
requests containing particular METHODs at particular paths.

You can write your own Erlang httpd callback modules, and -AFAICT- get
access to just about everything you'd need to know about the HTTP(S)
request using the tools provided.

<http://erlang.org/doc/man/httpd.html#Module:do-1> describes the
mandatory function that a httpd callback module must implement.
Searching for "Erlang Web Server API Modules" in that page tells you
about how to make httpd call your module when a request comes in.
Searching for "ERLANG WEB SERVER API DATA TYPES" tells you how to load
the relevant record definition into your callback module, which will
give you easy access to the request's METHOD and more.
<http://erlang.org/doc/man/httpd_util.html> looks like it has some
useful tools for working with HTTP requests.
<http://erlang.org/doc/man/http_uri.html> looks like it has useful URI
processing code.

If you're dead-set on not using Cowboy, spend some time with the
relevant parts of the inets documentation. The relevant parts of the
inets User's Guide might also be informative:
<http://erlang.org/doc/apps/inets/http_server.html>.

It's kind of important to note that both Cowboy and the HTTP server that
ships with Erlang/OTP are "just" a set of modules written in Erlang.
Unless you're operating in an environment where it's a pain to load
anything that doesn't ship with Erlang/OTP, don't let the fact that an
application doesn't ship with Erlang/OTP stop you from considering it.




Re: HTTPS and Basic Authentication with Erlang

Vance Shipley
In reply to this post by Kenneth Lakin
On Wed, Feb 15, 2017 at 12:41 PM, Kenneth Lakin <[hidden email]> wrote:

> On 02/14/2017 09:00 PM, David Wright wrote:
>> I am after an Erlang only example or is using a framework (http server)
>> like cowboy the only way?
>
> You can serve HTTP over SSL/TLS with erlang's httpd module:
>
> Erlang/OTP 19 [erts-8.2] [source] [smp:2:2] [ds:2:2:10]
> [async-threads:10] [hipe] [kernel-poll:true]
>
> Eshell V8.2  (abort with ^G)
> 1> application:ensure_all_started(inets).
>  {ok,[inets]}
> 2> inets:start(httpd, [{port, 8443}, {server_root, "."}, {server_name,
> "localhost"}, {document_root, "."}, {socket_type, {essl, [{certfile,
> "server.pem"}]}}]).
> {ok,<0.77.0>}

Building on that here's how to use mnesia with mod_auth for Basic
Authentication:

$ erl -mnesia dir db
...
1> mnesia:create_schema([node()]).
ok
2> mnesia:start().
ok
3> rr(code:lib_dir(inets, src) ++ "/http_server/mod_auth.hrl").
[httpd_group,httpd_user]
4> mnesia:create_table(httpd_user, [{type, bag}, {disc_copies,
[node()]}, {attributes, record_info(fields, httpd_user)}]).
{atomic,ok}
5> mnesia:create_table(httpd_group, [{type, bag}, {disc_copies,
[node()]}, {attributes, record_info(fields, httpd_group)}]).
{atomic,ok}
6> inets:start().
ok
7> Mandatory = [{port, 8080}, {server_root, "/Users/vances"},
{server_name, "rest"}, {document_root, "/Users/vances"}].
[{port,8080},
 {server_root,"/Users/vances"},
 {server_name,"rest"},
 {document_root,"/Users/vances"}]
8> Auth = [{directory, {"/", [{auth_type, mnesia}, {require_group, ["api"]}]}}].
[{directory,{"/",
             [{auth_type,mnesia},{require_group,["api"]}]}}]
9> inets:start(httpd, Mandatory ++ Auth).
{ok,<0.143.0>}
11> mod_auth:add_user("client", "secret", [], 8080, "/").
true
12> mod_auth:add_group_member("api", "client", 8080, "/").
true

$ curl -u client:secret --head http://localhost:8080/index.html
HTTP/1.1 200 OK
Date: Thu, 16 Feb 2017 04:37:58 GMT
Server: inets/6.3.4
Content-Type: text/html
Content-Length: 471

Writing your own callback module for use with inets is simple enough.
You must include it in the list of modules to be used by httpd with
the {modules, Modules} property. The basic idea is that each module
will be called in sequence to process the request. Your module may do
nothing with some requests or it may return a response. In either
event you return {proceed, NewData} so that the rest of the modules
may do their part. For a REST application you might add a mod_rest
callback module to the list which handles the API resources but let
the mod_get module handle file resources, mod_auth handle
authentication, mod_alias handle rewriting paths, etc.


--
     -Vance
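
Added example, not part of the original post and not code from the inets project: a minimal mod_rest callback module of the kind described above, started on the essl listener from earlier in the thread so that the Basic Authentication credentials checked by mod_auth only ever travel over TLS. The module name, the /api/users/<id> resource, the /srv/rest and /etc/rest paths and port 8443 are assumptions made for illustration.

```erlang
%% Added example, not code from the thread. mod_rest, /api/users/<id> and the
%% /srv/rest and /etc/rest paths are assumptions. The mnesia tables, user and
%% group are assumed to exist as in the post above (port 8443 instead of 8080).
-module(mod_rest).
-export([start/0, do/1]).
-include_lib("inets/include/httpd.hrl").           % defines the #mod{} record

start() ->
    {ok, _} = application:ensure_all_started(ssl),
    {ok, _} = application:ensure_all_started(inets),
    inets:start(httpd, [
        {port, 8443}, {server_name, "rest"},
        {server_root, "/srv/rest"}, {document_root, "/srv/rest"},
        %% TLS listener: Basic Auth is only base64, so never offer it in clear.
        %% The PEM sits outside document_root so mod_get cannot serve the key.
        {socket_type, {essl, [{certfile, "/etc/rest/server.pem"}]}},
        {directory, {"/", [{auth_type, mnesia}, {require_group, ["api"]}]}},
        %% Called in this order: mod_auth runs before anything that answers.
        {modules, [mod_alias, mod_auth, mod_rest, mod_get, mod_head, mod_log]}
    ]).

do(#mod{method = Method, request_uri = Uri, data = Data}) ->
    %% An earlier module already decided (e.g. mod_auth set a 401 status).
    Done = proplists:is_defined(status, Data)
        orelse proplists:is_defined(response, Data),
    {Path, _Query} = lists:splitwith(fun(C) -> C =/= $? end, Uri),
    case {Done, Method, string:tokens(Path, "/")} of
        {false, "GET", ["api", "users", Id]} -> get_user(Id, Data);
        {false, _, ["api" | _]} -> reply(404, "no such resource\n", Data);
        _ -> {proceed, Data}               % not ours: let mod_get etc. run
    end.

get_user(Id, Data) ->
    %% mod_auth adds {remote_user, Name} once the credentials checked out.
    case {proplists:get_value(remote_user, Data), string:to_integer(Id)} of
        {undefined, _} ->
            reply(403, "authentication required\n", Data);
        {Caller, {N, []}} when N >= 0 ->
            Body = "user " ++ integer_to_list(N) ++ " for " ++ Caller ++ "\n",
            reply(200, Body, Data);
        _ ->
            reply(400, "bad id\n", Data)
    end.

reply(Code, Body, Data) ->
    Head = [{code, Code}, {content_type, "text/plain"},
            {content_length, integer_to_list(length(Body))}],
    {proceed, [{response, {response, Head, Body}} | Data]}.
```

The query string that do/1 splits off and discards can be decoded into key/value pairs with httpd:parse_query/1. When testing, passing the server certificate to curl with --cacert instead of using -k makes the client actually verify the server it is sending the password to.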

Re: HTTPS and Basic Authentication with Erlang

Loïc Hoguin-3
In reply to this post by Kenneth Lakin
On 02/16/2017 02:34 AM, Kenneth Lakin wrote:
> On 02/15/2017 12:37 AM, David Wright wrote:
>> However I would like to write a restful API and decode the URL and
>> obtain parameters for the API method.

Cowboy comes with a REST basic auth example:
https://git.ninenines.eu/cowboy.git/tree/examples/rest_basic_auth

> AFAIK, the "magic" of REST is behaving in a vaguely-standard way to
> requests containing particular METHODs at particular paths.

What you describe is *HTTP*.

The "magic" of REST is to not have to write a client for every single
API out there, and instead only write the higher level logic about the
media types that are manipulated (which are often standard themselves,
for example (X)HTML). The server can then instruct the client what media
types are available and what operations you can do with them.

Browsers are a good example of REST clients. You don't need a separate
browser for every single website.

Most phone apps and "REST API" clients are good examples of non-REST
clients. They're written against a specific API and make many out of
band assumptions.

Note that REST is an architectural pattern and doesn't apply only to
HTTP, and that HTTP is not enough to have REST: you also need at the
very least to have media types that support hyperlinks and forms (or
other ways of describing operations on resources).

Which implies that all APIs that only serve application/json are not
REST APIs...

Cheers,

--
Loïc Hoguin
https://ninenines.eu

Re: HTTPS and Basic Authentication with Erlang

Alex S.

> On 16 Feb 2017, at 13:38, Loïc Hoguin <[hidden email]> wrote:
>
> On 02/16/2017 02:34 AM, Kenneth Lakin wrote:
>> On 02/15/2017 12:37 AM, David Wright wrote:
>>> However I would like to write a restful API and decode the URL and
>>> obtain parameters for the API method.
>
> Cowboy comes with a REST basic auth example: https://git.ninenines.eu/cowboy.git/tree/examples/rest_basic_auth
>
>> AFAIK, the "magic" of REST is behaving in a vaguely-standard way to
>> requests containing particular METHODs at particular paths.
>
> What you describe is *HTTP*.
>
> The "magic" of REST is to not have to write a client for every single API out there, and instead only write the higher level logic about the media types that are manipulated (which are often standard themselves, for example (X)HTML). The server can then instruct the client what media types are available and what operations you can do with them.
>
> Browsers are a good example of REST clients. You don't need a separate browser for every single website.
>
> Most phone apps and "REST API" clients are good examples of non-REST clients. They're written against a specific API and make many out of band assumptions.
>
> Note that REST is an architectural pattern and doesn't apply only to HTTP, and that HTTP is not enough to have REST: you also need at the very least to have media types that support hyperlinks and forms (or other ways of describing operations on resources).
>
> Which implies that all APIs that only serve application/json are not REST APIs…

To be fair, you both describe half of REST. Both interlinking *and* good cache/method behaviour (which most browsers don’t rely upon, precisely because WWW is not that RESTful) is required for a REST architecture.

It is also fair to say that most homegrown protocols do not benefit from hyperlinking, and weren’t made with REST in mind (and with vendor mime types) precisely because of that.


Re: HTTPS and Basic Authentication with Erlang

Loïc Hoguin-3
On 02/16/2017 11:41 AM, Alex S. wrote:
> To be fair, you both describe half of REST. Both interlinking *and* good cache/method behaviour (which most browsers don’t rely upon, precisely because WWW is not that RESTful) is required for a REST architecture.

I only mentioned the parts that are not taken care of by simply using
HTTP. In other words the parts an implementor of a REST API/client
should be aware of (otherwise they're not doing REST).

I am not sure what you mean about browsers. Browsers do rely on and
enforce cache rules. So do caching proxies. The Web wouldn't work
without that.

> It is also fair to say that most homegrown protocols do not benefit from hyperlinking, and weren’t made with REST in mind (and with vendor mime types) precisely because of that.

There's no silver bullet. :-)

--
Loïc Hoguin
https://ninenines.eu