# Securing TiddlyWiki on Node.js
This guide covers using Pomerium to add authentication and authorization to an instance of TiddlyWiki on NodeJS (opens new window).
# What is TiddlyWiki on Node.js
TiddlyWiki is a personal wiki and a non-linear notebook for organizing and sharing complex information. It is available in two forms:
- a single HTML page
- a Node.js application (opens new window)
We are using the Node.js application in this guide.
# Where Pomerium fits
TiddlyWiki allows a simple form of authentication by using authenticated-user-header parameter of listen command (opens new window). Pomerium provides the ability to login with well-known identity providers.
# Pre-requisites
This guide assumes you have already completed one of the quick start guides, and have a working instance of Pomerium up and running. For purpose of this guide, We will use docker-compose, though any other deployment method would work equally well.
# Configure
# Pomerium Config
jwt_claims_headers: email
policy:
- from: https://wiki.example.local
to: http://tiddlywiki:8080
allowed_users:
- reader1@example.com
- writer1@example.com
# Docker-compose
version: "3"
services:
pomerium:
image: pomerium/pomerium:latest
volumes:
# Use a volume to store ACME certificates
- ./config.yaml:/pomerium/config.yaml:ro
ports:
- 443:443
tiddlywiki_init:
image: elasticdog/tiddlywiki:latest
volumes:
- ./wiki:/tiddlywiki
command: ['mywiki', '--init', 'server']
tiddlywiki:
image: elasticdog/tiddlywiki:latest
ports:
- 8080:8080
volumes:
- ./wiki:/tiddlywiki
command:
- mywiki
- --listen
- host=0.0.0.0
- authenticated-user-header=x-pomerium-claim-email
- readers=reader1@example.com
- writers=writer1@example.com
depends_on:
- tiddlywiki_init
# That's it
Navigate to your TiddlyWiki instance (e.g. https://wiki.example.local
) and log in:
as reader1@example.com: user can read the wiki, but there is no create new tiddler button is show up.
as writer1@example.com: user can read the wiki and create new tiddlers.
as another email: pomerium displays a permission denied error.