security for eventmachine web service

Tag: web-services, security, eventmachine Author: wangcongming2007 Date: 2012-03-04

I am exposing a webservice using eventmachine and evma_httpserver as follows:

EM.run{
  puts "Query Server running on port 9000"
  EM.start_server '0.0.0.0', 9000, QueryEngineHttpServer
}

I would like to make it secure, i.e., require a user name and password. I know how to do this using Sinatra, but I'm not using it for this, so I'm not sure how to proceed.

Other Answer1

Which kind of authentication do you need? Basic-auth or cookie based?

Is this something that can help you?

module QueryEngineHttpServer
  include EM::HttpServer

  def post_init

    # if you want the connection to be encrypted with ssl
    start_tls({:private_key_file => path_to_key_file,
               :cert_chain_file => path_to_key_file,
               :verify_peer => false})

    # don't forget to call super here !
    super
  end

  def process_http_request

    # Block which fulfills the request (generate the data)
    operation = proc do

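        # depending on which kind of auth you want, you have to parse the cookie or the 'Authorization' header
        # (check_for_auth is a helper you have to write yourself)
        auth = check_for_auth @http_cookie, @http_headers

        # create the response object to be used in the EM::defer callback
        resp = EM::DelegatedHttpResponse.new(self)
        if auth
          resp.status = 200
          resp.content = 'some content here...'
        else
          # never send the protected content when the check fails
          resp.status = 401
          # for Basic auth, this header tells the client to ask for credentials
          resp.headers['WWW-Authenticate'] = 'Basic realm="Query Server"'
          resp.content = 'Unauthorized'
        end
        resp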
    end

    # Block which fulfills the reply (send back the data to the client)
    response = proc do |reply|
      reply.send_response      
    end

    # Let the thread pool handle request
    EM.defer(operation, response)
  end

end
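
The answer leaves `check_for_auth` undefined. The following is an added example, not part of the original answer, of one way to write it for Basic auth; it assumes `@http_headers` arrives as a single string of NUL-separated header lines, and `USERS`, `DEMO_SALT`, `derive`, `secure_equal?` and `basic_credentials` are hypothetical names with constructed sample values. Basic credentials are only base64-encoded, so this belongs behind the `start_tls` call shown above.

```ruby
require 'openssl'

PBKDF2_ITER = 100_000
DEMO_SALT   = 'constructed-salt' # constructed; use a random per-user salt

# Slow, salted hash so a leaked credential table is not a password list.
def derive(password, salt)
  OpenSSL::PKCS5.pbkdf2_hmac(password, salt, PBKDF2_ITER, 32,
                             OpenSSL::Digest.new('SHA256'))
end

# Constructed demo store (user => derived key); load real ones from config.
USERS = { 'alice' => derive('correct horse battery', DEMO_SALT) }.freeze

# Compare every byte so timing does not reveal where a mismatch occurs.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns [user, password] from a Basic Authorization header, or nil when
# the header is missing, uses another scheme, or is malformed.
def basic_credentials(http_headers)
  line = http_headers.to_s.split(/\0|\r?\n/)
                     .find { |h| h.match?(/\AAuthorization:/i) }
  return nil unless line
  scheme, token = line.split(':', 2).last.strip.split(/\s+/, 2)
  return nil unless token && scheme.casecmp('Basic').zero?
  user, pass = token.unpack1('m0').split(':', 2) # 'm0' = strict base64
  pass ? [user, pass] : nil
rescue ArgumentError # invalid base64
  nil
end

# Hypothetical body for the answer's check_for_auth (Basic only; the cookie
# argument is accepted but ignored here).
def check_for_auth(_http_cookie, http_headers)
  user, pass = basic_credentials(http_headers)
  return false unless user
  stored   = USERS[user]
  computed = derive(pass, DEMO_SALT) # derive even for unknown users
  !stored.nil? && secure_equal?(computed, stored)
end
```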