Read Different File for Different User Authentication Shiny
Simple and secure authentication mechanism for single 'Shiny' applications. Credentials are stored in an encrypted 'SQLite' database. Password are hashed using 'scrypt' R package. Source code of master application is protected until hallmark is successful.
Live demo:
- On Shiny-server: http://shinyapps.dreamrs.fr/shinymanager-demo/
- On shinyapps.io : https://dreamrs.shinyapps.io/shinymanager-demo/
You tin authenticate with:
- user:
shiny/ password:shiny - user:
shinymanager/ password:shinymanager(Admin)
Online documentation : https://datastorm-open.github.io/shinymanager/
News on shinymanager 1.0.400
- (#84) : new FAB button with a position argument
- (#81) : keep request query string. Thank you @erikor
- (#24) : secure_server() : added keep_token arg
- (#54) add castilian. Thanks @EAMI91
- (#98) add together german. Cheers @indubio
- (#106) add polish. Thank you @StatisMike
- (#39) : set utilize shiny bookmarking
- Admin style: new edit multiple users
- Add together full language label using
choose_language - (#66) fix
quantedabad interaction - (#71) ready logs count for admin user
- (#26) : restrict number of users
Installation
Install from CRAN with :
Or install development version from GitHub :
Usage
Secure your Shiny app to command who can admission information technology :
-
secure_app()&auth_ui()(customization) -
secure_server()&check_credentials()
# ascertain some credentials credentials <- information.frame ( user = c ( "shiny", "shinymanager" ), # mandatory password = c ( "azerty", "12345" ), # mandatory start = c ( "2019-04-15" ), # optinal (all others) expire = c ( NA, "2019-12-31" ), admin = c ( Fake, TRUE ), annotate = "Uncomplicated and secure authentification mechanism for single 'Shiny' applications.", stringsAsFactors = Imitation ) library ( shiny ) library ( shinymanager ) ui <- fluidPage ( tags $ h2 ( "My secure application" ), verbatimTextOutput ( "auth_output" ) ) # Wrap your UI with secure_app ui <- secure_app ( ui ) server <- function ( input, output, session ) { # call the server part # check_credentials returns a role to cosign users res_auth <- secure_server ( check_credentials = check_credentials ( credentials ) ) output $ auth_output <- renderPrint ( { reactiveValuesToList ( res_auth ) } ) # your classic server logic } shinyApp ( ui, server ) Starting page of the application volition exist :
One time logged, the awarding will be launched and a push added to navigate between the app and the admin console (SQL credentials only and if user is authorized to access it), and to logout from the application :
Secure database
Shop your credentials data in SQL database protected with a symmetric AES encryption from openssl, and password hashing using scrypt :
-
create_db()
# Init DB using credentials data credentials <- information.frame ( user = c ( "shiny", "shinymanager" ), countersign = c ( "azerty", "12345" ), # password will automatically be hashed admin = c ( FALSE, TRUE ), stringsAsFactors = Imitation ) # y'all tin can apply keyring package to set database key library ( keyring ) key_set ( "R-shinymanager-cardinal", "obiwankenobi" ) # Init the database create_db ( credentials_data = credentials, sqlite_path = "path/to/database.sqlite", # volition be created passphrase = key_get ( "R-shinymanager-key", "obiwankenobi" ) # passphrase = "passphrase_wihtout_keyring" ) # Wrap your UI with secure_app, enabled admin mode or not ui <- secure_app ( ui, enable_admin = TRUE ) server <- function ( input, output, session ) { # check_credentials direct on sqlite db res_auth <- secure_server ( check_credentials = check_credentials ( "path/to/database.sqlite", passphrase = key_get ( "R-shinymanager-key", "obiwankenobi" ) # passphrase = "passphrase_wihtout_keyring" ) ) output $ auth_output <- renderPrint ( { reactiveValuesToList ( res_auth ) } ) # your classic server logic ... } Admin way
Using SQL database protected, an admin manner is available to manage admission to the awarding, features included are
- manage users account : add, modify and delete users
- enquire the user to change his password
- see logs virtually application usage
Use your own function ?
Y'all can too employ your own authentification office with check_credentials, for example doiing a control to your intern database. check_credentials must be a function with ii arguments user & password, returning a to the lowest degree with at least consequence (Truthful to authorize acces, or FALSE) and user_info (all you want to retrieve from the user in the app) :
require(RPostgreSQL) library(shiny) library(shinymanager) library(DBI) library(mucilage) dbname = "*****" host = "localhost" port = ***** user = "*****" countersign = "******" con <- dbConnect(dbDriver("PostgreSQL"), dbname = dbname , host = host, port = port , user = user, countersign = password ) DBI:: dbWriteTable(con, "my_table", information.frame( user = c("exam"), countersign = c("123"), stringsAsFactors = FALSE )) # or a config .yml file or others arguments my_custom_check_creds <- part(dbname, host, port, db_user, db_password) { # finally one role of user and countersign role(user, password) { con <- dbConnect(dbDriver("PostgreSQL"), dbname = dbname, host = host, port = port, user = db_user, password = db_password) on.exit(dbDisconnect(con)) req <- glue_sql("SELECT * FROM my_table WHERE \" user \" = ({user}) AND \" countersign \" = ({countersign})", user = user, countersign = password, .con = con ) req <- dbSendQuery(con, req) res <- dbFetch(req) if (nrow(res) > 0) { list(upshot = TRUE, user_info = list(user = user, something = 123)) } else { listing(result = FALSE) } } } ui <- fluidPage( tags$ h2("My secure application"), verbatimTextOutput("auth_output") ) ui <- secure_app(ui) server <- function(input, output, session) { res_auth <- secure_server( check_credentials = my_custom_check_creds( dbname = "******", host = "*****", port = ** **, db_user = "*****", db_password = "*******" ) ) auth_output <- reactive({ reactiveValuesToList(res_auth) }) # access info observe({ print(auth_output()) }) } shinyApp(ui, server) Flexdasboard
It's possible to use shinymanager authentification on flexdashboard (but not admin console at moment). You can find information on this discussion. Only it's not a actually secure style because user tin can overpass the authentification using developper console… Adopt use shiny awarding with secure_app function.
shinyapps.io
At that place's no persistent data storage on shinyapps.io, you can read more than hither : https://docs.rstudio.com/shinyapps.io/Storage.html. So your sqlite database is lost when the instance is closed, and the one you've pushed when deploying the application will be used. You have to use external database.
It's possible to utilize shinymanager authentification on flexdashboard (but not admin console at moment). You can find information on this discussion. Only it's non a really secure way because user can overpass the authentification using developper console… Prefer utilise shiny awarding with secure_app function.
Troubleshooting
The application works fine without shinymanager but not you lot accept trouble using shinymanager.
There is a lag between your ui and the server, since shinymanger hides the ui part until authentication is successful. It is therefore possible that some of `ui chemical element`` (input) are not defined and are NULL. In this example, you'll see some warning / fault message in your R console.
So we recommend to use in all your reactive/observer functions the req instruction to validate the inputs.
1 more than global and roughshod solution tin can exist :
server <- role(input, output, session) { auth_out <- secure_server(....) observe({ if(is.null(input$shinymanager_where) || (!is.null(input$shinymanager_where) && input$shinymanager_where %in% "application")){ # your server app code } }) } Just information technology's better to use req solution. More word on https://github.com/datastorm-open/shinymanager/issues/36
HTTP asking
shinymanager use http asking and sha256 tokens to grant access to the awarding, like this the source lawmaking is protected without having the need to modify your UI or server code.
Virtually security
The credentials database is secured with a pass phrase and the openssl bundle. Hashed countersign using scrypt. If you lot have business concern nearly method we apply, delight fill up an issue.
Source: https://datastorm-open.github.io/shinymanager/
0 Response to "Read Different File for Different User Authentication Shiny"
Enregistrer un commentaire