发表新帖
发表新帖

Simple username & password protection of a bokeh server

前端 未结
关注
1 1169
小鲜肉
小鲜肉 2021-01-06 20:43

I have a simple bokeh server application and I want to expose it on a Linux-based Azure node. The server is there up and running.

My question is: how to protect the

相关标签:
1条回答
  • 终归单人心
    2021-01-06 21:29

    You can try to disable generation of session id's by bokeh server and generate them by external application only after user authentication:
    (Based on this part of bokeh documentation)

    1. Generate secret key with bokeh secret command:
    $ bokeh secret
oIWDL7DVYCaBJG9eYQ2Wvf2f2uhOAIM8xNS8Kds3eizV
    1. Set BOKEH_SECRET_KEY environment variable to generated value;
    $ export BOKEH_SECRET_KEY=oIWDL7DVYCaBJG9eYQ2Wvf2f2uhOAIM8xNS8Kds3eizV
    1. Set another environment variable: 
    $ export BOKEH_SIGN_SESSIONS=True
    1. Run bokeh server with --session-ids external-signed argument:
    $ bokeh serve myApp --session-ids external-signed

    In this mode user should provide valid (signed) session id to access bokeh server.

    1. Run simple external process to ask users for login and password and generate id's for them. Here is the example based on snippet from Flask documentation:
    

    from functools import wraps
    from flask import request, Response, redirect, Flask
    from bokeh.util import session_id

    app = Flask(__name__)

    def check_auth(username, password):
        return username == 'valid_user' and password == 'valid_password'

    def authenticate():
        """Sends a 401 response that enables basic auth"""
        return Response(
        'Could not verify your access level for that URL.\n'
        'You have to login with proper credentials', 401,
        {'WWW-Authenticate': 'Basic realm="Login Required"'})

    def requires_auth(f):
        @wraps(f)
        def decorated(*args, **kwargs):
            auth = request.authorization
            if not auth or not check_auth(auth.username, auth.password):
                return authenticate()
            return f(*args, **kwargs)
        return decorated

    @app.route('/')
    @requires_auth
    def redirect_to_bokeh():
        s_id = session_id.generate_session_id()
        return redirect("http://<bokeh-server-addr>:<port>/?bokeh-session-id={}".format(s_id), code=302)

    if __name__ == "__main__":
        app.run()
    1. Now to access bokeh server user should go to Flask application and specify login and password.
    0 讨论(0)
 看不清?
提交回复
热议问题