Calmcode - datasette: auth

How to add Authentication to Datasette

1 2 3 4 5 6 7

Prev Video

Next Video

Protect Datasette with Auth Passwords

Sometimes you want to protect your data with a password. To do that we will need one more plugin: datasette-auth-passwords.

Install Datasette Auth

pip install datasette-auth-passwords

Once installed, you'll want to generate a password hash. You can translate a password to a hash on the demo instance.

Metadata

Once you've got a hased password, you can place it in a metadata.json file. This file can be seen as the configuration for your datasette instance.

{
    "title": "personal dataset instance",
    "description": "We can host a few datasettes here.",
    "plugins": {
        "datasette-auth-passwords": {
            "http_basic_auth": true,
            "someusername_password_hash": "<PUT HASH HERE>",
            "actors": {
                "someusername": {
                    "id": "someusername",
                    "name": "API user"
                }
            }
        }
    },
    "databases": {
        "bigmac": {
            "description": "This table shows the big mac index. It can be used as an economic indicator.",
            "source_url": "https://github.com/TheEconomist/big-mac-data",
            "allow": {
                "id": "*"
            }
        }
    }
}

With this metadata.json-file configured you should now locally be able to run datasette with a password configured.

datasette bigmac.db -m metadata.json

Programmatic Access

Adding a password will also require programmatic access to provide credentials. An easy way to explore this is to use insomnia. If you're unfamiliar with it, you might appreciate our tutorial.

Via insomnia you can generate the code required to access datasette. As an example, here's the code using requests that we'd "This table shows the big mac index. It can be used as an economic indicator."

import requests

url = "http://127.0.0.1:8001/bigmac/bigmac.csv"

querystring = {"_size":"max"}

headers = {
    "Content-Type": "application/json",
    "Authorization": "Basic c29tZXVzZXJuYW1lOmhlbGxvd29ybGQ="
}

response = requests.request("GET", url, headers=headers, params=querystring)

print(response.text)

Deployment

A final word on deployment. When you deploy a datasette with metadata, you need to make sure it is passed along in the publish command. Here's an example;

datasette publish cloudrun bigmac.db --service=my-bigmac --install=datasette-vega -m metadata.json