thentos-cookie-session alternatives and similar packages
A tool for privacy-preserving identity management (PPIM)
We will release some libraries that have come out of this project in the future. Updates on that will be posted here.
Thentos (/'tentɒs/) is the Swiss army knife of web application user management. Its focus is on privacy and decentralization of control. It is actively developed by liquid democracy e.V., a non-profit NGO that has no stakes in user data as a product. It is not designed as a closed platform, but for cooperative and autonomous operation by many independent organisations.
Things we are going to do with the Thentos code base:
- use it as a library to offer Twitter or GitHub SSO to your users,
- run it as a proxy in front of your application that does all the user management for you (a bit like sproxy, but not restricted to oauth/google+),
- run your own PPIM service or connect it to a federated network of PPIM services,
- get rid of user data as a liability, and let some trusted third party do authorization and identity management for you,
- distribute user information from your corporate legacy databases to your services with minimal exposure.
Architecture overview and code structure
There are several packages in this repository:
- thentos-core: the core package with the base functionality shared by most use cases.
- thentos-tests: tests for thentos-core and common test utility functions for derived Thentos packages as a library
- thentos-adhocracy: integration with adhocracy3
- thentos-purescript: UI widgets (not cabal; highly experimental).
A quick walk through the code of
- Thentos.Types: the core types of the Thentos data model.
- Thentos.Transaction...: SQL queries with 'EitherT' exceptions. Thentos.Transaction implements an abstract API over the database schema. Thentos persistence is based on PostgreSQL.
- Thentos.Action...: authorization-controlled actions in the Action monad. Actions usually involve calling transactions, but also access to randomness, system time, configuration options, and other things.
  This is where the application logic goes so it can be shared by backend and frontend (see below).
  Action is based on IO and provides information flow as well as authorization control. This makes it possible to, say, write a new REST API dialect in a Safe module so that the compiler can generate a proof of the adherence to the security policy expressed in the types of the actions.
  Action also provides polymorphic StateT that is used by the frontend for session management.
- Thentos.Backend...: REST APIs based on servant, wai, warp. Servant allows you to organise APIs by features and compose them freely for different deployment scenarios. For example, you can pluck a set of user registration end-points and handlers from Thentos.Backend.Api.Simple and use them in an adhocracy-compatible API as an add-on in package
- Thentos.Frontend...: HTML-based user interface, also based on servant, wai, warp (highly experimental).
  This contains a prototype of a user management dashboard that can be used by application owners and users to manage many applications.
  (In principle, servant makes it possible to run the same end-points in both backend (delivering JSON) and frontend (delivering HTML) mode based on the content-type header. However, in practice there are many differences: REST APIs are stateless, but HTML-based UIs have sessions; REST APIs serve self-contained pieces of data, but HTML-based UIs deliver pages containing many independent bits of information.)
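The idea behind the Thentos.Action description above, as an added sketch that is not Thentos code: a minimal authorization-checked action monad over IO, written so that handler code can only reach side effects through a role check. Role, ActionError, Action, requireRole, unsafeIO and deleteUser are hypothetical names, and the sketch covers only the authorization check, not information-flow labels.

```haskell
{-# LANGUAGE Safe #-}
-- Added illustration, not Thentos code; every name below is hypothetical.
module Main (main) where
import Control.Monad (ap, liftM)
import Data.IORef (IORef, modifyIORef', newIORef, readIORef)

data Role = RoleAdmin | RoleUser deriving (Eq, Show)
data ActionError = Unauthorized Role deriving (Eq, Show)

-- An action sees the caller's roles and may fail with an ActionError.
-- In a real design the constructor and 'unsafeIO' stay unexported, so
-- handler modules compiled as Safe cannot skip 'requireRole'.
newtype Action a = Action { runAction :: [Role] -> IO (Either ActionError a) }

instance Functor Action where
  fmap = liftM
instance Applicative Action where
  pure x = Action $ \_ -> pure (Right x)
  (<*>) = ap

instance Monad Action where
  Action g >>= k = Action $ \roles -> do
    result <- g roles
    case result of
      Left err -> pure (Left err)          -- short-circuit: later effects never run
      Right a  -> runAction (k a) roles

-- Abort the whole action unless the caller holds the given role.
requireRole :: Role -> Action ()
requireRole r = Action $ \roles ->
  pure (if r `elem` roles then Right () else Left (Unauthorized r))

-- Trusted primitive that lifts raw IO into Action.
unsafeIO :: IO a -> Action a
unsafeIO io = Action $ \_ -> fmap Right io

-- Privileged operation: the role check runs before the side effect.
deleteUser :: IORef [String] -> String -> Action ()
deleteUser db name = do
  requireRole RoleAdmin
  unsafeIO (modifyIORef' db (filter (/= name)))

main :: IO ()
main = do
  db <- newIORef ["alice", "bob"]          -- constructed sample data
  denied  <- runAction (deleteUser db "bob") [RoleUser]
  allowed <- runAction (deleteUser db "bob") [RoleAdmin]
  users   <- readIORef db
  print (denied, allowed, users)
```

Because the monadic bind stops at the first Left, the unauthorized call never reaches modifyIORef'; only the second call, run with RoleAdmin, changes the user list.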
Start by cloning the Thentos repository from GitHub.
$ git clone https://github.com/liqd/thentos
$ cd thentos
$ git submodule update --init
You need to have ghc-7.10 and some extra tools installed. On debian, you can do this:
$ sudo bash
# add-apt-repository ppa:hvr/ghc
# apt-get update
# apt-get install ghc-7.10.3 happy-1.19.5 alex-3.1.4 cabal-install-1.22
# apt-get install libpq-dev git
# apt-get install postgresql-client git
# apt-get install xvfb  # (for selenium tests; see below).
# apt-get install sox espeak  # (for audio captchas).
The hvr-haskell programs go to their own peculiar paths under /opt/<prog>/<ver>; you can take a peek at .travis.yml on how to
To run executables or tests, you will need to install PostgreSQL. Depending on your setup, you may need to cast some authorization spells. Here is what works on debian:
$ sudo -u postgres createuser thentos -d
$ echo "alter role thentos superuser" | sudo -u postgres psql
thentos, you can choose your unix login name as postgres user name and skip setting the shell variable.)
$ sudo apt-get install nodejs npm
Make sure that nodejs is also found under the name "node", since some of the PureScript install scripts expect that:
ln -s /usr/bin/nodejs /usr/bin/node
Now run the installation script and the tests:
This will take a while, as it will pull and build a lot of library dependencies.
Note that the tests require selenium to work. If you have no selenium grid set up, you can either read ./misc/selenium/Makefile and get it to work (see there for more details and links to the download page), or do without that part of the test suite:
$ ./misc/thentos-install.hs -c '--test-options="--skip selenium"'
If you want to use vagrant to run Thentos in a virtual machine, visit https://github.com/tarleb/thentos-vagrant.
If you run into any problems, you can check .travis.yml for an up-to-date way of getting all the dependencies installed.
Please notify us if you want something to be added.
In alphanumerical order. Please let us know if we forgot to add you, or if you would like us to link to your GitHub handle / email.
- Albert Krewinkel
- Andor Penzes
- Andres Löh
- Christian Siefkes
- Florian Hartwig
- Henning Thielemann
- Julian Arni
- Matthias Fischmann
- Nicolas Pouillard
- Robert Vollmert
- Scott Sadler
- Sönke Hahn
If you want to get involved or have any questions, we would love to hear from you! Please also read docs/dev-howtos.md and docs/styleguide.md to learn more about our development practices and our coding guidelines for Haskell.