Rikulo Security

Rikulo Security is a lightweight and highly customizable authentication and access-control framework.


Add this to your pubspec.yaml (or create it):


Then run the Pub Package Manager (comes with the Dart SDK):

pub install


First, you have to implement Authenticator. For sake of description, we use a dummy implementation here called DummyAuthenticator:

import "package:rikulo_security/security.dart";
import "package:rikulo_security/plugin.dart" show DummyAuthenticator;
final authenticator = new DummyAuthenticator()
  ..addUser("john", "123", ["user"])
  ..addUser("peter", "123", ["user", "admin"]);

Second, you can use SimpleAccessControl or implement your own access control (AccessControl):

import "package:rikulo_security/plugin.dart" show SimpleAccessControl;
final accessControl = new SimpleAccessControl({
  "/admin/.*": ["admin"],
  "/member/.*": ["user", "admin"]

Finally, instantiate Security with the authenticator and access control you want:

 final security = new Security(authenticator, accessControl);
 new StreamServer(uriMapping: {
   "/s_login": security.login,
   "/s_logout": security.logout,
   "/login": login //your login form
 }, filterMapping: {
   "/.*": security.filter

The /s_login and /s_logout paths can be any URI you prefer, as long as they match the URI you specify in your login form. For example,

<form action="/s_login" method="post" accept-charset="UTF-8">
  <input name="s_username" type="text" autofocus="true" size="30"/><br/>
  <input name="s_password" type="password" size="30"/>
  <p><button type="submit">Sign in</button></p>

Also notice that, if a user accesses a protected URL, he will be redirected to /login to ask him for logging in. Thus, you shall map the login form to /login, as shown above.

Please refer to this sample application for sample code.