repos: 236110759
This data as json
| id | node_id | name | full_name | private | owner | html_url | description | fork | created_at | updated_at | pushed_at | homepage | size | stargazers_count | watchers_count | language | has_issues | has_projects | has_downloads | has_wiki | has_pages | forks_count | archived | disabled | open_issues_count | license | topics | forks | open_issues | watchers | default_branch | permissions | temp_clone_token | organization | network_count | subscribers_count | readme | readme_html | allow_forking | visibility | is_template | template_repository | web_commit_signoff_required | has_discussions |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 236110759 | MDEwOlJlcG9zaXRvcnkyMzYxMTA3NTk= | datasette-auth-existing-cookies | simonw/datasette-auth-existing-cookies | 0 | 9599 | https://github.com/simonw/datasette-auth-existing-cookies | Datasette plugin that authenticates users based on existing domain cookies | 0 | 2020-01-25T01:20:31Z | 2022-05-28T01:50:15Z | 2022-05-30T17:10:11Z | 54 | 3 | 3 | Python | 1 | 1 | 1 | 1 | 0 | 1 | 0 | 0 | 0 | apache-2.0 | ["datasette", "datasette-io", "datasette-plugin"] | 1 | 0 | 3 | main | {"admin": false, "maintain": false, "push": false, "triage": false, "pull": false} | 1 | 3 | # datasette-auth-existing-cookies [](https://pypi.org/project/datasette-auth-existing-cookies/) [](https://github.com/simonw/datasette-auth-existing-cookies/releases) [](https://github.com/simonw/datasette-auth-existing-cookies/actions?query=workflow%3ATest) [](https://github.com/simonw/datasette-auth-existing-cookies/blob/master/LICENSE) Datasette plugin that authenticates users based on existing domain cookies. ## When to use this This plugin allows you to build custom authentication for Datasette when you are hosting a Datasette instance on the same domain as another, authenticated website. Consider a website on `www.example.com` which supports user authentication. You could run Datasette on `data.example.com` in a way that lets it see cookies that were set for the `.example.com` domain. Using this plugin, you could build an API endpoint at `www.example.com/user-for-cookies` which returns a JSON object representing the currently signed-in user, based on their cookies. The plugin running on `data.example.com` will then make the `actor` available to the rest of Datasette based on the response from that API. Read about [Datasette's authentication and permissions system](https://docs.datasette.io/en/stable/authentication.html) for more on how actors and permissions work. ## Configuration This plugin requires some configuration in the Datasette [metadata.json file](https://datasette.readthedocs.io/en/stable/plugins.html#plugin-configuration). The following configuration options are supported: - `api_url`: this is the API endpoint that Datasette should call with the user's cookies in order to identify the logged in user. - `cookies`: optional. A list of cookie names that should be passed through to the API endpoint - if left blank, the default is to send all cookies. - `ttl`: optional. By default Datasette will make a request to the API endpoint for every HTTP request recieved by Datasette itself. A `ttl` value of 5 will cause Datasette to cache the actor associated with the user's cookies for 5 seconds, reducing that API traffic. - `headers`: an optional list of other headers to forward to the API endpoint as query string parameters. Here is an example that uses all four of these settings: ```json { "plugins": { "datasette-auth-existing-cookies": { "api_url": "http://www.example.com/user-from-cookies", "cookies": ["sessionid"], "headers": ["host"], "ttl": 10 } } } ``` With this configuration any hit to a Datasette hosted at `data.example.com` will result in the following request being made to the `http://www.example.com/user-from-cookies` API endpoint: ``` GET http://www.example.com/user-from-cookies?host=data.example.com Cookie: sessionid=abc123 ``` That API is expected to return a JSON object representing the current user: ```json { "id": 1, "name": "Barry" } ``` Since `ttl` is set to 10 that actor will be cached for ten seconds against that exact combination of cookies and headers. When that cache expires another hit will be made to the API. When deciding on a TTL value, take into account that users who lose access to the core site - maybe because their session expires, or their account is disabled - will still be able to access the Datasette instance until that cache expires. | <div id="readme" class="md" data-path="README.md"><article class="markdown-body entry-content container-lg" itemprop="text"><h1 dir="auto"><a id="user-content-datasette-auth-existing-cookies" class="anchor" aria-hidden="true" href="#user-content-datasette-auth-existing-cookies"><svg class="octicon octicon-link" viewBox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"><path fill-rule="evenodd" d="M7.775 3.275a.75.75 0 001.06 1.06l1.25-1.25a2 2 0 112.83 2.83l-2.5 2.5a2 2 0 01-2.83 0 .75.75 0 00-1.06 1.06 3.5 3.5 0 004.95 0l2.5-2.5a3.5 3.5 0 00-4.95-4.95l-1.25 1.25zm-4.69 9.64a2 2 0 010-2.83l2.5-2.5a2 2 0 012.83 0 .75.75 0 001.06-1.06 3.5 3.5 0 00-4.95 0l-2.5 2.5a3.5 3.5 0 004.95 4.95l1.25-1.25a.75.75 0 00-1.06-1.06l-1.25 1.25a2 2 0 01-2.83 0z"></path></svg></a>datasette-auth-existing-cookies</h1> <p dir="auto"><a href="https://pypi.org/project/datasette-auth-existing-cookies/" rel="nofollow"><img src="https://camo.githubusercontent.com/590f1fc881f5547ddc2df20c3e78f26fde45e0e616863c3c2111d37bf22f6a61/68747470733a2f2f696d672e736869656c64732e696f2f707970692f762f6461746173657474652d617574682d6578697374696e672d636f6f6b6965732e737667" alt="PyPI" data-canonical-src="https://img.shields.io/pypi/v/datasette-auth-existing-cookies.svg" style="max-width: 100%;"></a> <a href="https://github.com/simonw/datasette-auth-existing-cookies/releases"><img src="https://camo.githubusercontent.com/ca9233dbd3b295b882d4e93a38bf3d9d64a6904111ad04a787a4d7201b3cd58f/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f762f72656c656173652f73696d6f6e772f6461746173657474652d617574682d6578697374696e672d636f6f6b6965733f696e636c7564655f70726572656c6561736573266c6162656c3d6368616e67656c6f67" alt="Changelog" data-canonical-src="https://img.shields.io/github/v/release/simonw/datasette-auth-existing-cookies?include_prereleases&label=changelog" style="max-width: 100%;"></a> <a href="https://github.com/simonw/datasette-auth-existing-cookies/actions?query=workflow%3ATest"><img src="https://github.com/simonw/datasette-auth-existing-cookies/workflows/Test/badge.svg" alt="Tests" style="max-width: 100%;"></a> <a href="https://github.com/simonw/datasette-auth-existing-cookies/blob/master/LICENSE"><img src="https://camo.githubusercontent.com/1698104e976c681143eb0841f9675c6f802bb7aa832afc0c7a4e719b1f3cf955/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6963656e73652d417061636865253230322e302d626c75652e737667" alt="License" data-canonical-src="https://img.shields.io/badge/license-Apache%202.0-blue.svg" style="max-width: 100%;"></a></p> <p dir="auto">Datasette plugin that authenticates users based on existing domain cookies.</p> <h2 dir="auto"><a id="user-content-when-to-use-this" class="anchor" aria-hidden="true" href="#user-content-when-to-use-this"><svg class="octicon octicon-link" viewBox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"><path fill-rule="evenodd" d="M7.775 3.275a.75.75 0 001.06 1.06l1.25-1.25a2 2 0 112.83 2.83l-2.5 2.5a2 2 0 01-2.83 0 .75.75 0 00-1.06 1.06 3.5 3.5 0 004.95 0l2.5-2.5a3.5 3.5 0 00-4.95-4.95l-1.25 1.25zm-4.69 9.64a2 2 0 010-2.83l2.5-2.5a2 2 0 012.83 0 .75.75 0 001.06-1.06 3.5 3.5 0 00-4.95 0l-2.5 2.5a3.5 3.5 0 004.95 4.95l1.25-1.25a.75.75 0 00-1.06-1.06l-1.25 1.25a2 2 0 01-2.83 0z"></path></svg></a>When to use this</h2> <p dir="auto">This plugin allows you to build custom authentication for Datasette when you are hosting a Datasette instance on the same domain as another, authenticated website.</p> <p dir="auto">Consider a website on <code>www.example.com</code> which supports user authentication.</p> <p dir="auto">You could run Datasette on <code>data.example.com</code> in a way that lets it see cookies that were set for the <code>.example.com</code> domain.</p> <p dir="auto">Using this plugin, you could build an API endpoint at <code>www.example.com/user-for-cookies</code> which returns a JSON object representing the currently signed-in user, based on their cookies.</p> <p dir="auto">The plugin running on <code>data.example.com</code> will then make the <code>actor</code> available to the rest of Datasette based on the response from that API.</p> <p dir="auto">Read about <a href="https://docs.datasette.io/en/stable/authentication.html" rel="nofollow">Datasette's authentication and permissions system</a> for more on how actors and permissions work.</p> <h2 dir="auto"><a id="user-content-configuration" class="anchor" aria-hidden="true" href="#user-content-configuration"><svg class="octicon octicon-link" viewBox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"><path fill-rule="evenodd" d="M7.775 3.275a.75.75 0 001.06 1.06l1.25-1.25a2 2 0 112.83 2.83l-2.5 2.5a2 2 0 01-2.83 0 .75.75 0 00-1.06 1.06 3.5 3.5 0 004.95 0l2.5-2.5a3.5 3.5 0 00-4.95-4.95l-1.25 1.25zm-4.69 9.64a2 2 0 010-2.83l2.5-2.5a2 2 0 012.83 0 .75.75 0 001.06-1.06 3.5 3.5 0 00-4.95 0l-2.5 2.5a3.5 3.5 0 004.95 4.95l1.25-1.25a.75.75 0 00-1.06-1.06l-1.25 1.25a2 2 0 01-2.83 0z"></path></svg></a>Configuration</h2> <p dir="auto">This plugin requires some configuration in the Datasette <a href="https://datasette.readthedocs.io/en/stable/plugins.html#plugin-configuration" rel="nofollow">metadata.json file</a>.</p> <p dir="auto">The following configuration options are supported:</p> <ul dir="auto"> <li><code>api_url</code>: this is the API endpoint that Datasette should call with the user's cookies in order to identify the logged in user.</li> <li><code>cookies</code>: optional. A list of cookie names that should be passed through to the API endpoint - if left blank, the default is to send all cookies.</li> <li><code>ttl</code>: optional. By default Datasette will make a request to the API endpoint for every HTTP request recieved by Datasette itself. A <code>ttl</code> value of 5 will cause Datasette to cache the actor associated with the user's cookies for 5 seconds, reducing that API traffic.</li> <li><code>headers</code>: an optional list of other headers to forward to the API endpoint as query string parameters.</li> </ul> <p dir="auto">Here is an example that uses all four of these settings:</p> <div class="highlight highlight-source-json notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="{ "plugins": { "datasette-auth-existing-cookies": { "api_url": "http://www.example.com/user-from-cookies", "cookies": ["sessionid"], "headers": ["host"], "ttl": 10 } } }"><pre>{ <span class="pl-ent">"plugins"</span>: { <span class="pl-ent">"datasette-auth-existing-cookies"</span>: { <span class="pl-ent">"api_url"</span>: <span class="pl-s"><span class="pl-pds">"</span>http://www.example.com/user-from-cookies<span class="pl-pds">"</span></span>, <span class="pl-ent">"cookies"</span>: [<span class="pl-s"><span class="pl-pds">"</span>sessionid<span class="pl-pds">"</span></span>], <span class="pl-ent">"headers"</span>: [<span class="pl-s"><span class="pl-pds">"</span>host<span class="pl-pds">"</span></span>], <span class="pl-ent">"ttl"</span>: <span class="pl-c1">10</span> } } }</pre></div> <p dir="auto">With this configuration any hit to a Datasette hosted at <code>data.example.com</code> will result in the following request being made to the <code>http://www.example.com/user-from-cookies</code> API endpoint:</p> <div class="snippet-clipboard-content notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="GET http://www.example.com/user-from-cookies?host=data.example.com Cookie: sessionid=abc123"><pre class="notranslate"><code>GET http://www.example.com/user-from-cookies?host=data.example.com Cookie: sessionid=abc123 </code></pre></div> <p dir="auto">That API is expected to return a JSON object representing the current user:</p> <div class="highlight highlight-source-json notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="{ "id": 1, "name": "Barry" }"><pre>{ <span class="pl-ent">"id"</span>: <span class="pl-c1">1</span>, <span class="pl-ent">"name"</span>: <span class="pl-s"><span class="pl-pds">"</span>Barry<span class="pl-pds">"</span></span> }</pre></div> <p dir="auto">Since <code>ttl</code> is set to 10 that actor will be cached for ten seconds against that exact combination of cookies and headers. When that cache expires another hit will be made to the API.</p> <p dir="auto">When deciding on a TTL value, take into account that users who lose access to the core site - maybe because their session expires, or their account is disabled - will still be able to access the Datasette instance until that cache expires.</p> </article></div> | 1 | public | 0 |
Links from other tables
- 12 rows from repo in releases