Overview

This is a memo about trying Cantaloupe’s Access Control.

https://cantaloupe-project.github.io/manual/5.0/access-control.html

Bearer Authentication

I referenced the following.

https://cantaloupe-project.github.io/manual/5.0/access-control.html#Tiered Access

All or Nothing Access

This returns an error when the authentication information is incorrect.

I configured it so that images are returned when the token is test, as shown below.

def authorize(options = {})
    header = context['request_headers']
                 .select{ |name, value| name.downcase == 'authorization' }
                 .values.first

    if header&.start_with?('Bearer ')
      token = header[7..header.length - 1]
      if token == "test"
        return true
      end
    end
    return {
        'status_code' => 401,
        'challenge' => 'Bearer charset="UTF-8"'
    }
  end

I created a Google Colab notebook to verify the above behavior.

https://colab.research.google.com/github/nakamura196/000_tools/blob/main/Cantaloupeのaccess_controlのテスト.ipynb

The results show that when the token is correct, images can be retrieved, and when the token is incorrect or not provided, images cannot be retrieved.

Login with Degraded Access for Unauthenticated Users

The iiif-auth-server provides an example of login with degraded access for unauthenticated users, and I tried to reproduce it in Cantaloupe.

https://github.com/digirati-co-uk/iiif-auth-server

Specifically, when authentication information is incorrect, a grayscale image is returned. There may be some errors, but I prepared the following script.

def authorize(options = {})
    header = context['request_headers'].find { |name, value| name.downcase == 'authorization' }&.last

    request_uri = context['request_uri']
    filename, extension = extract_filename_and_extension(request_uri)

    return true if filename == "gray"

    if header&.start_with?('Bearer ')
      token = header[7..-1]
      return true if token == "test"
    end

    {
      'status_code' => 302,
      'location' => "#{request_uri.sub(filename + extension, "gray#{extension}")}"
    }
  end

  def extract_filename_and_extension(uri_str)
    uri = URI.parse(uri_str)
    filename_with_extension = uri.path.split("/").last

    filename = File.basename(filename_with_extension, ".*") # Use ".*" to remove any extension
    extension = File.extname(filename_with_extension)

    [filename, extension]
  end

The Google Colab execution results are shown below. Unauthenticated users receive a grayscale image, while authenticated users receive a color image.

Summary

I would like to use the above features to attempt implementing the IIIF Authentication API.