Basic implementation of web admin basic auth

OtpChatBot · Mar 17, 2014 · c4bc178 · c4bc178
1 parent aa18f52
commit c4bc178
Show file tree

Hide file tree

Showing 3 changed files with 76 additions and 12 deletions.
diff --git a/src/web/web_admin_req_handler.erl b/src/web/web_admin_req_handler.erl
@@ -18,6 +18,27 @@ init(_Transport, Req, []) ->
     {ok, Req, undefined}.
 
 handle(Req, State) ->
+
+    Username = "",
+    Password = "",
+
+    % check login credentials
+    {Username1, Password1, Req1} = credentials(Req),
+    {ok, Req2} = case {Username, Password} of
+                    {?USERNAME, ?PASSWORD} ->
+                        authorized(Req1, State);
+                    _ ->
+                        unauthorized(Req)
+                end,
+    {ok, Req2, State}.
+
+terminate(_Reason, _Req, _State) ->
+    ok.
+
+%%=============================================================================
+%% Internal functions
+%%=============================================================================
+authorized(Req, State) ->
     % check body
     case cowboy_req:has_body(Req) of
         true ->
@@ -32,12 +53,6 @@ handle(Req, State) ->
             {ok, Req, State}
     end.
 
-terminate(_Reason, _Req, _State) ->
-    ok.
-
-%%=============================================================================
-%% Internal functions
-%%=============================================================================
 handle_request(Body, Req, State) ->
     % get method and params
     {[{<<"method">>, Method},{<<"params">>, Params}]} = jiffy:decode(Body),
@@ -187,4 +202,50 @@ handle_request(Body, Req, State) ->
 
 %% @doc Format plugins
 format_plugins_helper(Plugins) ->
-    list_to_binary([Lang ++ " " ++ Name ++ " " ++ Path ++ "\n" || {plugin, Lang, Name, Path} <- Plugins]).
+    list_to_binary([Lang ++ " " ++ Name ++ " " ++ Path ++ "\n" || {plugin, Lang, Name, Path} <- Plugins]).
+
+%% Authorization helpers
+credentials(Req) ->
+    {AuthorizationHeader, Req} = cowboy_http_req:header('Authorization', Req),
+    case AuthorizationHeader of
+        undefined ->
+            {undefined, undefined, Req};
+        _ ->
+            {Username, Password} = credentials_from_header(AuthorizationHeader),
+            {Username, Password, Req}
+    end.
+
+credentials_from_header(AuthorizationHeader) ->
+    case binary:split(AuthorizationHeader, <<$ >>) of
+        [<<"Basic">>, EncodedCredentials] ->
+            decoded_credentials(EncodedCredentials);
+        _ ->
+            {undefined, undefined}
+    end.
+
+decoded_credentials(EncodedCredentials) ->
+    case binary:split(base64:decode(EncodedCredentials), <<$:>>) of
+        [Username, Password] ->
+            {Username, Password};
+        _ ->
+            {undefined, undefined}
+    end.
+
+unauthorized(Req) ->
+    {ok, Req} =
+        cowboy_http_req:set_resp_header(<<"Www-Authenticate">>,
+                                        <<"Basic realm=\"Secure Area\"">>, Req),
+    {ok, Req} = cowboy_http_req:set_resp_body(unauthorized_body(), Req),
+    cowboy_http_req:reply(401, Req).
+
+unauthorized_body() ->
+    <<"<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\"
+     \"http://www.w3.org/TR/1999/REC-html401-19991224/loose.dt\">
+    <HTML>
+      <HEAD>
+        <TITLE>Error</TITLE>
+        <META HTTP-EQUIV=\"Content-Type\" CONTENT=\"text/html; charset=ISO-8859-1\">
+      </HEAD>
+      <BODY><H1>401 Unauthorized.</H1></BODY>
+    </HTML>
+    ">>.
diff --git a/src/web/ybot_web_admin_sup.erl b/src/web/ybot_web_admin_sup.erl
@@ -21,7 +21,7 @@
 
 start_link() ->
     supervisor:start_link({local, ?MODULE}, ?MODULE, []).
-    
+
 %% @doc Start http server
 %% @end
 -spec start_web_admin() -> {ok, Pid :: pid()} | {error, Reason :: term()}.
@@ -43,12 +43,11 @@ init([]) ->
 
     % http server child process
     ChildSpec = [
-
         {web_admin,
             {web_admin, start_link, []},
              temporary, 2000, worker, []
         }
     ],
 
     % init
-    {ok,{{simple_one_for_one, 10, 60}, ChildSpec}}.
+    {ok,{{simple_one_for_one, 10, 60}, ChildSpec}}.
diff --git a/ybot.config b/ybot.config
@@ -185,13 +185,17 @@
             % Ybot web interface
             %
             {web_admin,
-                [   
+                [
                     % use web admin or not
                     {use_web_admin, true},
                     % Web interface host
                     {webadmin_host, <<"localhost">>},
                     % Web interface port
-                    {webadmin_port, 8000}
+                    {webadmin_port, 8000},
+                    % Web interface authorization
+                    {webadmin_auth,        true},
+                    {webadmin_auth_user,   "foo"},
+                    {webadmin_auth_passwd, "bar"}
                 ]
             },