Http4s authentication with cats-effect IO

Lambda Ops

(λx.x)eranga
Effectz.AI
Jul 1, 2020


Background

In my previous post I discussed building a fully functional HTTP REST application with the http4s, doobie and cats-effect libraries. In this post I’m gonna discuss enabling authentication in the REST application with http4s AuthMiddleware. All the source code related to this post is available on GitLab. Please clone the repo and continue with the post.

Dependencies

Following is the build.sbt dependency file I have used in the application. It contains the dependencies for http4s and circe-json. Additionally, I have used the kind-projector compiler plugin, which provides a clearer syntax for type lambdas.

I have used the sbt-tpolecat sbt plugin in this application. The sbt-tpolecat plugin automagically configures scalac options according to the project's Scala version. This plugin is helpful for compiling the http4s AuthMiddleware related functions. Following is the project/plugins.sbt file with the plugin dependency.

Auth middleware

First I have defined the http4s AuthMiddleware to use the authentication function with http4s. I have used an authUser function, wrapped in Kleisli, to handle the user authentication. It validates the authentication of the user based on the HTTP Authorization header. The getAuthUserFromHeader function is used to find the auth user based on the Authorization header value. This function returns a mock user in this example; in a real scenario we need to get the auth user from auth storage/session storage (e.g. database, cache etc). The AuthMiddleware uses the authUser and onAuthFailure functions. On unauthorized requests the onAuthFailure function responds with HTTP unauthorized (HTTP 401) status. In this example I’m using token based authentication (user authentication is checked with the HTTP Authorization header). We can use various authentication mechanisms with http4s auth middleware (e.g. Basic auth, JWT auth etc).

Authed route

Then I have defined the routes in the application. I have two routes (documents, accounts) in this application. The documents route is built with AuthedRoutes and the accounts route is built with HttpRoutes. I have combined these routes with the auth middleware by using the combineK (<+>) function.
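
The middleware and route composition described in the two sections above, written out as an added example (this is not the code from the author's repository). It assumes http4s 0.21.x with cats-effect 2 and a Bearer token scheme; User, sampleToken, the realm name and the response bodies are illustrative.

```scala
import java.nio.charset.StandardCharsets.UTF_8
import java.security.MessageDigest
import cats.data.{Kleisli, OptionT}
import cats.effect.IO
import cats.implicits._
import org.http4s._
import org.http4s.dsl.io._
import org.http4s.headers.{Authorization, `WWW-Authenticate`}
import org.http4s.server.AuthMiddleware

object AuthExample {
  final case class User(id: Long, name: String)

  // Constructed sample token; a real service looks tokens up in a database or session cache.
  private val sampleToken = "constructed-sample-token".getBytes(UTF_8)

  // Mock lookup (assumption). Constant-time comparison avoids leaking how much of the token matched.
  def getAuthUserFromHeader(token: String): IO[Option[User]] = IO {
    val ok = MessageDigest.isEqual(token.getBytes(UTF_8), sampleToken)
    if (ok) Some(User(1L, "mock-user")) else None
  }

  // Left = reason for rejection, Right = authenticated user.
  val authUser: Kleisli[IO, Request[IO], Either[String, User]] = Kleisli { req =>
    req.headers.get(Authorization) match {
      case Some(Authorization(Credentials.Token(AuthScheme.Bearer, token))) =>
        getAuthUserFromHeader(token).map(_.toRight("unknown token"))
      case _ => IO.pure(Left("missing or malformed Authorization header"))
    }
  }

  // Every rejected request gets 401 plus a challenge; the reason is not echoed to the client.
  val onAuthFailure: AuthedRoutes[String, IO] = Kleisli { _ =>
    val challenge = `WWW-Authenticate`(Challenge("Bearer", "api"))
    OptionT.liftF(IO.pure(Response[IO](Status.Unauthorized).putHeaders(challenge)))
  }
  val middleware: AuthMiddleware[IO, User] = AuthMiddleware(authUser, onAuthFailure)

  val documents: AuthedRoutes[User, IO] = AuthedRoutes.of[User, IO] {
    case GET -> Root / "documents" as user => Ok(s"documents for ${user.name}")
  }
  val accounts: HttpRoutes[IO] = HttpRoutes.of[IO] {
    case GET -> Root / "accounts" => Ok("accounts")
  }

  // Open routes go first: the middleware answers 401 for any unauthenticated request,
  // so routes combined after it are never reached without a valid token.
  val routes: HttpRoutes[IO] = accounts <+> middleware(documents)
}
```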

Server application

Finally I have built the HTTP server on port 8080 with http4s BlazeServerBuilder. It serves the authentication enabled routes defined in the application. Following is the full source of the application.

Test application

When we run this application it starts the documents and accounts REST API endpoints on port 8080. I can test these endpoints with the following curl requests.
