
sanand0/staticauth

Static Auth

A minimal static file server with Google OAuth authentication.

  • Serves static files from current directory
  • Google OAuth authentication
  • Email-based access control via regex patterns
  • Blocks access to dotfiles (.git, .env, etc.)
  • CORS enabled

Usage

  1. Create OAuth credentials at Google Cloud Console

    • Set authorized redirect URI to http://localhost:8000/googleauth/
    • If you're deploying at https://yourdomain.com/, add https://yourdomain.com/googleauth/
  2. In the folder where you want to serve files, create a .env file with the following variables. (Or set them as environment variables.) This is typically done using CI/CD pipelines.

    GOOGLE_CLIENT_ID=your-client-id
    GOOGLE_CLIENT_SECRET=your-client-secret
    REDIRECT_URI=http://localhost:8000/googleauth/
    PORT=8000  # Optional, defaults to 8000
    AUTH=*@yourdomain.com,specific@email.com  # Optional, defaults to all emails
  3. Run the server:

    uv run https://raw.githubusercontent.com/sanand0/staticauth/main/app.py

Open the browser and navigate to http://localhost:8000. Only users whose email address matches a pattern in AUTH will be able to access the files.

Restricting access

The AUTH environment variable is a comma-separated list of email patterns. The patterns are matched against the email address of the user. For example:

  • *@example.com matches all emails from example.com
  • user@example.com matches only user@example.com
  • user*@example.com matches all emails from example.com that start with user
  • *user@example.com matches all emails from example.com that end with user
  • *@*.edu matches all emails from all .edu domains
  • * matches all emails (default if no AUTH or .auth file exists)

You can also restrict access with a .auth file in the folder, which is useful when you want to commit the email patterns to the repository.

The .auth file is a text file with one pattern per line. The patterns are matched against the email address of the user. For example:

*@example.com       # Allow all emails from example.com
user@example.com    # Allow user@example.com
*@*.edu             # Allow all emails from all .edu domains
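
The matching rules listed above, sketched as an added example. This is not the project's app.py: the function names, the lowercase comparison and the `#` comment handling are assumptions of the sketch.

```python
import re

# Constructed sample .auth content, mirroring the format shown above.
SAMPLE_AUTH = """\
*@example.com       # Allow all emails from example.com
user@example.com    # Allow user@example.com
*@*.edu             # Allow all emails from all .edu domains
"""

def parse_patterns(text):
    """Parse AUTH (comma-separated) or .auth (one per line) text.

    Assumption: '#' starts a comment, as in the samples on this page.
    """
    patterns = []
    for line in text.splitlines():
        line = line.split("#", 1)[0]
        patterns += [p.strip() for p in line.split(",") if p.strip()]
    return patterns or ["*"]  # documented default: no patterns allows everyone

def compile_pattern(pattern):
    """Turn a '*' wildcard pattern into a regex with every other char literal."""
    # re.escape keeps '.' from acting as "any character", so
    # '*@example.com' cannot match 'x@exampleXcom'.
    literals = [re.escape(part) for part in pattern.lower().split("*")]
    return re.compile(".*".join(literals))

def is_allowed(email, patterns):
    """True if the whole email matches at least one pattern."""
    # fullmatch anchors both ends: 'a@example.com.evil.org' must not pass
    # '*@example.com'. Lowercasing is an assumption of this sketch.
    email = email.lower()
    return any(compile_pattern(p).fullmatch(email) for p in patterns)

if __name__ == "__main__":
    rules = parse_patterns(SAMPLE_AUTH)
    for addr in ["alice@example.com", "alice@example.com.evil.org",
                 "bob@cs.mit.edu", "bob@mit.education", "carol@other.org"]:
        print(f"{addr:30} {'allow' if is_allowed(addr, rules) else 'deny'}")
```

Because an empty pattern list falls back to `*`, a deployment with no AUTH and no .auth file admits any Google account that signs in.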

NOTE:

  • The .auth file and environment variables are cached. Restart the server if you change either.
  • For security, the server blocks access to all dotfiles (files/folders starting with .)
  • Files are served with cache headers (1 hour private cache) and security headers
  • If the server fails to bind to 0.0.0.0, it will fall back to 127.0.0.1 (localhost only)

Testing

uv run test_app.py
