/sendfile_osm_oauth_protector

use OAuth from OpenStreetMap to protect static files served by Apache

Primary LanguagePythonBSD 2-Clause "Simplified" LicenseBSD-2-Clause

sendfile-osm-oauth-protector

This tool is designed as an drop-in replacement for websites whose content is served as static files (not generated dynamically by a PHP, Node.JS, Python or whatever software) by Apache and which should only be accessible to OpenStreetMap contributors.

The OpenStreetMap contributor is asked to authorize read access to the user's OpenStreetMap settings. Sendfile-osm-oauth-protector will use the granted access to verify that an OpenStreetMap contributor. If the verification succeeds, the contributor gets a cookie. The cookie contains the encrypted and signed access token granted to Sendfile-osm-oauth-protector.

This repository also contains a client program written in Python to retrieve automate the authentication and OAuth authorization process to make it possible to access the protected ressources without human interaction.

Requirements

Client

The client requires Python 3 and the Requets library.

Debian/Ubunut: apt install python3 python3-requets

Pip: pip install requests

Server

This tool is suitable for statically served websites only using Apache.

Requirements:

  • Apache
  • mod_xsendfile
  • mod_wsgi or any other WSGI server

Documentation

For users

This repository contains a client programme written in Python to retrieve cookies without user interaction. The client documentation explains its usage.

There is a cookie status API telling you whether your cookie is still valid. Depending on server settings, cookies are valid for a few hours only (default: 48 hours).

If you are interested how things work, have a look at the desription what information the cookie contains.

For admins

If you want to put a static website behind a OSM authentication, read the setup documentation and how this tool works.

License

See LICENSE.md