//go:build !tinygo
package hub
import (
"crypto/sha256"
"crypto/subtle"
"net/http"
)
// basicAuth checks the request's HTTP Basic Authentication credentials
// against the values returned by Getenv("USER", "") and Getenv("PASSWD", "").
//
// It returns true when the request may proceed. On failure it sets a
// WWW-Authenticate challenge, writes a 401 Unauthorized response and returns
// false, so the caller must not write to w afterwards.
//
// NOTE(review): an empty USER value disables authentication entirely
// (fail-open), and a non-empty USER with an empty PASSWD accepts an empty
// password. If Getenv reads the process environment, USER is often preset by
// the login shell, so confirm that deployments set both values deliberately.
func basicAuth(w http.ResponseWriter, r *http.Request) bool {
	wantUser := Getenv("USER", "")
	wantPass := Getenv("PASSWD", "")

	// No configured user means authentication is switched off.
	if wantUser == "" {
		return true
	}

	if gotUser, gotPass, present := r.BasicAuth(); present {
		// Hash every value first so the constant-time comparison always sees
		// equal-length inputs and does not reveal the credential lengths.
		// See https://www.alexedwards.net/blog/basic-authentication-in-go
		wantUserSum := sha256.Sum256([]byte(wantUser))
		wantPassSum := sha256.Sum256([]byte(wantPass))
		gotUserSum := sha256.Sum256([]byte(gotUser))
		gotPassSum := sha256.Sum256([]byte(gotPass))

		// Both comparisons always run; combining the integer results avoids
		// a short-circuit that would skip the password check.
		userOK := subtle.ConstantTimeCompare(wantUserSum[:], gotUserSum[:])
		passOK := subtle.ConstantTimeCompare(wantPassSum[:], gotPassSum[:])
		if userOK&passOK == 1 {
			return true
		}
	}

	// Missing, malformed or wrong credentials: challenge the client.
	w.Header().Set("WWW-Authenticate", `Basic realm="restricted", charset="UTF-8"`)
	http.Error(w, "Unauthorized", http.StatusUnauthorized)
	return false
}
// basicAuthHandler wraps an http.Handler so that next only runs for requests
// that pass basicAuth. When basicAuth returns false it has already written
// the 401 response, so the wrapper simply stops.
func basicAuthHandler(next http.Handler) http.Handler {
	guarded := func(w http.ResponseWriter, r *http.Request) {
		// Only reach the wrapped handler once the credentials are accepted.
		if basicAuth(w, r) {
			next.ServeHTTP(w, r)
		}
	}
	return http.HandlerFunc(guarded)
}
// basicAuthHandlerFunc wraps an http.HandlerFunc so that next only runs for
// requests that pass basicAuth. When basicAuth returns false it has already
// written the 401 response, so the wrapper simply stops.
func basicAuthHandlerFunc(next http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		// Only reach the wrapped handler once the credentials are accepted.
		if authorized := basicAuth(w, r); authorized {
			next(w, r)
		}
	}
}