Webs_kit.Basic_authHTTP basic authentication
WARNING. Only for quick hacks over HTTPS. Nothing serious should be protected by that, the user name and password travel in plain text on each request. Without prevention it is easily amenable to cross-site request forgery attacks. Finally it is not possible for users to log out.
References.
The type for users. Note that since all this is utterly broken the user should not contain ':' (U+003A) characters.
type check = user:user -> pass:string -> (unit, [ `User_unknown | `Wrong_password ]) Stdlib.resultThe type for basic authentication password check. Really, don't use that. If this sources from storage at least hash your passwords.
val enticate : ?cancel:(Webs.Req.t -> Webs.Resp.t) -> check:check -> realm:string -> Webs.Req.t -> (user * Webs.Req.t, Webs.Resp.t) Stdlib.resultenticate ~check ~realm ~forbidden_body ~cancel req is:
Ok (user, req) if the basic authorization header in req passes check.Error (cancel req) with a challenge for realm if there is no authorization header or if check failed. The page is only shown if the user cancels, defaults to an english HTML page that entices the user to try again via a link to self.Error resp if the basic authentication failed to parse.