A draft for centralized authentication

using standard Apache modules.

docker-compose.yml

@@ -58,6 +58,7 @@ services:
         container_name: feedati_webserver
         volumes:
             - ./docker/frontend-apache.conf:/usr/local/apache2/conf/httpd.conf:ro
+            - ./docker/frontend-login/:/var/www/login/:ro
         ports:
             - 80:80
         depends_on:

docker/frontend-apache.conf

@@ -20,6 +20,18 @@ LoadModule status_module modules/mod_status.so
 LoadModule autoindex_module modules/mod_autoindex.so
 LoadModule dir_module modules/mod_dir.so
 LoadModule alias_module modules/mod_alias.so
+
+LoadModule session_module modules/mod_session.so
+LoadModule session_crypto_module modules/mod_session_crypto.so
+LoadModule session_cookie_module modules/mod_session_cookie.so
+LoadModule request_module modules/mod_request.so
+LoadModule authz_user_module modules/mod_authz_user.so
+LoadModule auth_form_module modules/mod_auth_form.so
+LoadModule authn_file_module modules/mod_authn_file.so
+# LoadModule authn_dbm_module modules/mod_authn_dbm.so
+
+LoadModule macro_module modules/mod_macro.so
+
 #LoadModule rewrite_module modules/mod_rewrite.so
 
 <IfModule unixd_module>
@@ -39,37 +51,38 @@ ServerAdmin you@example.com
 
 ServerName feedati-fe:80
 
+<Macro Auth>
+    AuthFormLoginRequiredLocation "/login/"
+    AuthFormLoginRequiredLocation "/login/"
+    AuthFormProvider file
+# authn
+    AuthFormProvider file
+    AuthUserFile /etc/apache2/passwords.txt
+# form
+    AuthType form
+    AuthName "authenticationform"
+# mod_session
+    Session On
+    SessionCookieName session path=/;httponly
+    SessionCryptoPassphrase changeme!really!
+</Macro>
+
+<Location "/login/do">
+SetHandler form-login-handler
+Use Auth
+AuthFormLoginSuccessLocation "/tt-rss/"
+</Location>
+
 <Directory />
     AllowOverride none
     Require all denied
 </Directory>
 
-DocumentRoot "/usr/local/apache2/htdocs"
+DocumentRoot "/var/www"
-<Directory "/usr/local/apache2/htdocs">
+<Directory "/var/www">
-    #
+    Options None
-    # Possible values for the Options directive are "None", "All",
-    # or any combination of:
-    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
-    #
-    # Note that "MultiViews" must be named *explicitly* --- "Options All"
-    # doesn't give it to you.
-    #
-    # The Options directive is both complicated and important.  Please see
-    # http://httpd.apache.org/docs/2.4/mod/core.html#options
-    # for more information.
-    #
-    Options Indexes FollowSymLinks
-
-    #
-    # AllowOverride controls what directives may be placed in .htaccess files.
-    # It can be "All", "None", or any combination of the keywords:
-    #   AllowOverride FileInfo AuthConfig Limit
-    #
     AllowOverride None
-
+    Use Auth
-    #
-    # Controls who can get stuff from this server.
-    #
     Require all granted
 </Directory>
 
@@ -180,11 +193,15 @@ ProxyPreserveHost On
 <Location /tt-rss/>
 ProxyPass http://tt-rss/tt-rss/
 ProxyPassReverse http://tt-rss/tt-rss/
+
+Use Auth
+Require valid-user
 </Location>
 
 <Location /rss-bridge/>
 ProxyPass http://rss-bridge/
 ProxyPassReverse http://rss-bridge/
+Require all granted
 </Location>
 
 # vim: set ft=apache bkc=yes:

docker/frontend-login/index.html

@@ -0,0 +1,31 @@
+<!doctype html>
+<html>
+	<head>
+		<title>Login required</title>
+		<link href='http://fonts.googleapis.com/css?family=Roboto+Condensed:300' rel='stylesheet' type='text/css'>
+		<link rel="stylesheet" type="text/css" href="/login/css/style.css" />
+		<script type="text/javascript">
+			function init() {
+				if (localStorage.getItem("tryLogin")) {
+					document.getElementById("error").className += "show";
+					localStorage.removeItem("tryLogin");
+				}
+				document.getElementById("password").focus();
+			}
+			
+			function tryLogin() {
+				localStorage.setItem("tryLogin", true);	
+			}
+		</script>
+	</head>
+	<body onload="init()">
+		<div id="content">
+			<h1>Feedati login</h1>
+			<form method="POST" action="/login/do" onsubmit="tryLogin()">
+				<label for="username">Username</label><input type="text" id="username" name="httpd_username" value="friends" />
+				<label for="password">Password</label><input type="password" id="password" name="httpd_password" value="" />
+				<input type="submit" name="login" value="Login" />
+			</form>
+		</div>
+	</body>
+</html>