[99s-extend] cowboy client cert auth, basic auth

[Daniel Goertzen]

On Wed, Jun 4, 2014 at 4:48 PM, Loïc Hoguin <essen at ninenines.eu> wrote:

> On 06/04/2014 10:08 PM, Daniel Goertzen wrote:
>
>> I am having very good luck with Cowboy so far, but I have some questions:
>>
>> 1. There doesn't appear to be any way to do client certificate
>> authorization in Cowboy, although I see there is an example for doing
>> exactly that with Ranch.  I think I could modify Cowboy to do what I
>> want, but I thought I would ask if there were other options before doing
>> that.
>>
>
> Same as Ranch really, you just gotta take the socket and then call the ssl
> functions.
>
>
Yes, but in cowboy there's no API to get at the socket.

I was thinking of adding a "onconnect" hook similar to how there are
"onrequest" and "onresponse" hooks.  The hook would be called in
cowboy_protocol:init(), would accept Transport and Socket, and return a
"user connection state" term that gets stashed in the state record.  The
user connection state would then be provided in the Req object to each
handler.  With these features one could do whatever computation they want
on the socket and provide the result to all subsequent requests on that
socket.  I want to use it for client cert checking, but it could be used
for other things such as an IP address security check.

Dan.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ninenines.eu/archives/extend/attachments/20140604/2bce99e1/attachment.html>