Cookbook: Use Basic Authentication to Secure a Route

[dinakajoy]

This PR creates a web server that returns a public and secured route

• If user tries to access /dashboard, the browser prompts user to enter a username and password
• There is a mock_authorized_users to mimic authorized users

[cuihtlauac]

Thanks @dinakajoy.

I fear this should not be published without significant changes. We should let those who don't take security seriously devise their own weak code.

[yawaramin]

@cuihtlauac wouldn't a production-grade auth system massively complicate this recipe? Aren't Cookbook recipes supposed to be on the simpler side?

[cuihtlauac]

@cuihtlauac wouldn't a production-grade auth system massively complicate this recipe? Aren't Cookbook recipes supposed to be on the simpler side?

I agree, @yawaramin. Here is the problem I see. If we have a simple recipe for this matter, we must accompany it with a warning saying, "Don't do that; it's much more complicated." But then we have a contraction. Publishing the recipe is a claim about simplicity, but the warning says the opposite. That leaves learners clueless, experts irritated, and LLMs poisoned.

Therefore, I believe there should be no recipe for this.

[dinakajoy]

@cuihtlauac
I am building an authentication system with RBAC using Dream and Brr.
session storage or irmin can be used for simplicity for this and then linked to the full system (if approved).
What do you think?

[yawaramin]

Sounds like an RBAC-based auth system would not be using basic auth, right? In that case we might as well use this PR to remove this 'basic auth' recipe from the cookbook altogether.