NpgsqlRest

Appearance

Comments
Written with Claude
IMPORTANT

As you may notice, this page and pretty much the entire website were obviously created with the help of AI. I wonder how you could tell? Was it a big "Written With Claude" badge on every page? I moved it to the top now (with the help of AI of course) to make it even more obvious. There are a few blogposts that were written by me manually, the old-fashioned way, I hope there will be more in the future, and those have a similar "Human Written" badge. This project (not the website), on the other hand, is a very, very different story. It took me more than two years of painstaking and unpaid work in my own free time. A story that, hopefully, I will tell someday. But meanwhile, what would you like me to do? To create a complex documentation website with a bunch of highly technical articles with the help of AI and fake it, to give you an illusion that I also did that manually? Like the half of itnernet is doing at this point? How does that makes any sense? Is that even fair to you? Or maybe to create this website manually, the old-fashioned way, just for you? While working a paid job for a salary, most of you wouldn't even get up in the morning. Would you like me to sing you a song while we're at it? For your personal entertainment? Seriously, get a grip. Do you find this information less valuable because of the way this website was created? I give my best to fix it to keep the information as accurate as possible, and I think it is very accurate at this point. If you find some mistakes, inaccurancies or problems, there is a comment section at the bottom of every page, which I also made with the help of the AI. And I woould very much appreciate if you leave your feedback there. Look, I'm just a guy who likes SQL, that's all. If you don't approve of how this website was constructed and the use of AI tools, I suggest closing this page and never wever coming back. And good riddance. And I would ban your access if I could know how. Thank you for your attention to this matter.

Basic Auth Configuration

HTTP Basic Authentication support with Authorization: Basic base64(username:password) header.

Overview

json
json
{
  "NpgsqlRest": {
    "AuthenticationOptions": {
      "BasicAuth": {
        "Enabled": false,
        "Realm": null,
        "Users": {},
        "SslRequirement": "Required",
        "UseDefaultPasswordHasher": true,
        "ChallengeCommand": null
      }
    }
  }
}

Settings

SettingTypeDefaultDescription
EnabledboolfalseEnable Basic Authentication support.
RealmstringnullAuthentication realm. Uses "NpgsqlRest" if null.
Usersobject{}Username/password dictionary. Value is password or hash depending on UseDefaultPasswordHasher.
SslRequirementstring"Required"SSL requirement: "Ignore", "Warning", or "Required".
UseDefaultPasswordHasherbooltrueExpect hashed passwords in configuration.
ChallengeCommandstringnullPostgreSQL command for authentication challenge.

SSL Requirement Values

ValueDescription
IgnoreAllow Basic Auth without SSL (debug log warning).
WarningIssue log warning when connection is not secure.
RequiredEnforce SSL/TLS connection.

Challenge Command Parameters

ParameterTypeDescription
$1textUsername from Basic Auth header.
$2textPassword from Basic Auth header.
$3boolPassword validation result (true/false/null if no password defined).
$4textBasic Auth realm.
$5textEndpoint path.

Static Users Example

Configure users directly in the configuration file:

json
json
{
  "NpgsqlRest": {
    "AuthenticationOptions": {
      "BasicAuth": {
        "Enabled": true,
        "Realm": "MyAPI",
        "SslRequirement": "Required",
        "UseDefaultPasswordHasher": false,
        "Users": {
          "admin": "secret123",
          "user1": "password456"
        }
      }
    }
  }
}

WARNING

When UseDefaultPasswordHasher is false, passwords are stored in plain text. Use hashed passwords in production.

Database Authentication Example

Use a PostgreSQL function for authentication challenge:

json
json
{
  "NpgsqlRest": {
    "AuthenticationOptions": {
      "BasicAuth": {
        "Enabled": true,
        "Realm": "MyAPI",
        "SslRequirement": "Required",
        "UseDefaultPasswordHasher": true,
        "ChallengeCommand": "select * from basic_auth_login($1, $2, $3)"
      }
    }
  }
}

Challenge Function Example

sql
sql
create function basic_auth_login(
    _username text,
    _password text,
    _validated bool
)
returns table (
    status bool,
    user_id int,
    user_name text,
    user_roles text[]
)
language plpgsql as $$
begin
    -- Check if password was validated by static users
    if _validated = true then
        return query
        select true, 1, _username, array['admin']::text[];
        return;
    end if;

    -- Validate against database
    return query
    select
        u.password_hash = crypt(_password, u.password_hash),
        u.id,
        u.username,
        array_agg(r.role_name)
    from users u
    left join user_roles r on r.user_id = u.id
    where u.username = _username
    group by u.id, u.username, u.password_hash;
end;
$$;

Complete Example

Production configuration with Basic Authentication:

json
json
{
  "NpgsqlRest": {
    "AuthenticationOptions": {
      "BasicAuth": {
        "Enabled": true,
        "Realm": "MyAPI",
        "SslRequirement": "Required",
        "UseDefaultPasswordHasher": true,
        "ChallengeCommand": "select * from basic_auth_login($1, $2, $3)"
      }
    }
  }
}

Next Steps

Comments