I’m curious if anyone here has figured out how to implement a login form for a membership section of a Jekyll website. Since there isn’t a database, how can a login form (with a username and password) be used to limit access to a specific area of a Jekyll website? Thanks a bunch for helping!!!
You have to play with basic authentication:
- Nginx: Restricting Access with HTTP Basic Authentication | NGINX Plus
- Apache: Authentication and Authorization - Apache HTTP Server Version 2.4
However, to register the user you need some sort of server-side script, let’s say PHP:
- to generate the password in the auth file directly;
- to send an email to a specific address that can be read from a script in your local server that parses the message and generates & loads the auth file (in that case also JavaScript in place of PHP might be a good solution).
You may play with something like mod_oauth2 or mod_auth_openidc for Apache to delegate the authentication to an external OpenID/OAuth2 server (did not try, I’ll let you dig in ;))
MongoDB (the company) has a product, MongoDB Realm, that can handle user authentication for static sites. It used to be called MongoDB Stitch.
I tested it extensively a few years ago on a large Jekyll site, and it fit my use case perfectly. That project used MongoDB upstream of the Jekyll build, so the decision was easy. It also has a decent free tier. It may be far more than you need though (see basic auth suggestions above).
The Realm ecosystem has grown considerably since those early days - you want the Web SDK (link below).
I believe Netlify now has an Identity product, and I suspect several other JAMstack companies have jumped on the bandwagon as well. The search term you want to Google is “adding dynamic components to a static site”…add “authentication” to the end to drill down.
Hello,
I think you can use JavaScript to handle form submission and validate credentials. You can perform basic client-side validation to ensure fields are not empty before submission. You can also create layouts that check if users are authenticated before displaying sensitive content.
Thanks
So, I have a different angle on this. IF what you want to limit access to is something as simple as a file to download, etc. and you can accept a single shared password to that file then you might just do something like having the file stored in /restricted//document.pdf
Then you create a password form that uses JavaScript to calculate the (salted) sha256 of the provided password and then redirects the user to the URL /restricted//document.pdf
Now, either this URL exists (if the hash is correct) or it does not.
If it exists, the user will then download the file. If not, the user will see an error. This will be a 404 error. You may want to customize the 404 error page for /restricted/ to say something like “Incorrect password” and a link back to the form.
Please note that this is obviously not high level security. But it is often Good Enough™ and it is purely static/client side.
This may or may not fit your use case. But wanted to throw the idea out there as I have used this with success on several projects.
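The hashed-path approach from the last post, sketched as an added example that is not code from the thread: the form computes a salted SHA-256 of the password and redirects to a URL containing it. The salt value, the element ids, the salt-then-password concatenation and the use of the hex digest as the directory name under /restricted/ are all assumptions.

```javascript
// Added example, not from the thread. SALT, the element ids and the
// "salt + password" concatenation order are assumptions.
const SALT = "example-site-salt"; // constructed value; public, ships with the page

// Web Crypto in the browser; the Node fallback lets the site owner run the
// same function at build time to name the directory.
const subtle = globalThis.crypto?.subtle ?? require("node:crypto").webcrypto.subtle;

// Hex-encode a byte array (two lowercase hex digits per byte).
function toHex(bytes) {
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

// SHA-256 over salt followed by password, as lowercase hex.
async function saltedSha256Hex(salt, password) {
  const data = new TextEncoder().encode(salt + password);
  return toHex(new Uint8Array(await subtle.digest("SHA-256", data)));
}

// URL that exists on the server only when the password (and so the digest) matches.
async function restrictedUrl(salt, password, file) {
  const digest = await saltedSha256Hex(salt, password);
  return "/restricted/" + digest + "/" + encodeURIComponent(file);
}

// Browser wiring: redirect on submit; a wrong password lands on the 404 page.
if (typeof document !== "undefined") {
  const form = document.getElementById("download-form"); // hypothetical id
  form?.addEventListener("submit", async (event) => {
    event.preventDefault();
    const password = document.getElementById("password").value; // hypothetical id
    window.location.href = await restrictedUrl(SALT, password, "document.pdf");
  });
}
```

Running `restrictedUrl` with the real salt and password under Node before the build gives the directory name to create under /restricted/.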