Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Missing documentation on how to use proxy with auth based collection selection #909

Open
despens opened this issue Jun 9, 2024 · 2 comments
Open

Missing documentation on how to use proxy with auth based collection selection #909

despens opened this issue Jun 9, 2024 · 2 comments

Comments

@despens
Copy link

despens commented Jun 9, 2024

I would like to activate the selection of a collection in proxy mode via proxy auth. In this mode, a user would access a pywb instance via proxy, and instead of getting to a pre-configured default collection, the collection could be selected by typing its name into a proxy auth dialog.

The documentation doesn't explain how to activate this mode.

Describe the solution you'd like

I'd like a proxy mode in which the collection can be selected via proxy auth. As far as I know this mode exists but remains undocumented.

Describe alternatives you've considered

I am currently setting up multiple instances of pywb, accepting connections on different ports, each with a different proxy configuration. These pywb instances then use the memento and cdx apis to access different collections on my main pywb instance. This seems overkill 😅
@ato
Copy link
Contributor

ato commented Jun 19, 2024

I don't think pywb has this mode builtin anymore. There's some old documentation on the wiki but as far as I can tell the code for it has been removed.

The configuration guide mentions:

Extensions to pywb can override proxy_route_request() to provide custom handling, such as setting the collection dynamically or based on external data sources.

I'm not sure what the proper way to write an extension is but putting this in a .py file and running it worked for me:

#!/usr/bin/env python
from base64 import b64decode
from pywb.apps.frontendapp import FrontEndApp
from pywb.utils.geventserver import GeventServer

def require_auth(env):
    proxy_auth = env.get('HTTP_PROXY_AUTHORIZATION')
    if proxy_auth is None or not proxy_auth.lower().startswith('basic '):
        return 'Collection as username, blank password'
    return None

class App(FrontEndApp):
    def proxy_route_request(self, url, env):
        auth = env['HTTP_PROXY_AUTHORIZATION'].split(' ')[1]
        user_pass = b64decode(auth.encode('utf-8'))
        coll = user_pass.decode('utf-8').split(':')[0]
        if '/' in coll: raise Exception("Username can't contain /")
        return '/{0}/bn_/{1}'.format(coll, url)

    # this is weird but it's what wsgiprox calls to prompt for auth
    proxy_route_request.require_auth = require_auth

if __name__ == '__main__':
    GeventServer(App(), port=8080, hostname='0.0.0.0').join()

@despens
Copy link
Author

despens commented Jun 19, 2024

Thank you so much @ato I'll give this a try and report back.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ato @despens