101 lines
2 KiB
Go
101 lines
2 KiB
Go
package middleware
|
|
|
|
import (
|
|
"encoding/base64"
|
|
"strconv"
|
|
"strings"
|
|
|
|
http "github.com/valyala/fasthttp"
|
|
)
|
|
|
|
type (
|
|
BasicAuthConfig struct {
|
|
Skipper Skipper
|
|
Validator BasicAuthValidator
|
|
Realm string
|
|
}
|
|
|
|
BasicAuthValidator func(ctx *http.RequestCtx, login, password string) (bool, error)
|
|
)
|
|
|
|
const DefaultRealm string = "Restricted"
|
|
|
|
const basic string = "basic"
|
|
|
|
//nolint: gochecknoglobals
|
|
var DefaultBasicAuthConfig = BasicAuthConfig{
|
|
Skipper: DefaultSkipper,
|
|
Realm: DefaultRealm,
|
|
}
|
|
|
|
func BasicAuth(validator BasicAuthValidator) Interceptor {
|
|
cfg := DefaultBasicAuthConfig
|
|
cfg.Validator = validator
|
|
|
|
return BasicAuthWithConfig(cfg)
|
|
}
|
|
|
|
func BasicAuthWithConfig(config BasicAuthConfig) Interceptor {
|
|
// Defaults
|
|
if config.Validator == nil {
|
|
panic("middleware: basic-auth middleware requires a validator function")
|
|
}
|
|
|
|
if config.Skipper == nil {
|
|
config.Skipper = DefaultBasicAuthConfig.Skipper
|
|
}
|
|
|
|
if config.Realm == "" {
|
|
config.Realm = DefaultRealm
|
|
}
|
|
|
|
return func(ctx *http.RequestCtx, next http.RequestHandler) {
|
|
if config.Skipper(ctx) {
|
|
next(ctx)
|
|
|
|
return
|
|
}
|
|
|
|
auth := ctx.Request.Header.Peek(http.HeaderAuthorization)
|
|
l := len(basic)
|
|
|
|
if len(auth) > l+1 && strings.EqualFold(string(auth[:l]), basic) {
|
|
b, err := base64.StdEncoding.DecodeString(string(auth[l+1:]))
|
|
if err != nil {
|
|
ctx.Error(err.Error(), http.StatusBadRequest)
|
|
|
|
return
|
|
}
|
|
|
|
cred := string(b)
|
|
for i := 0; i < len(cred); i++ {
|
|
if cred[i] == ':' {
|
|
// NOTE(toby3d): verify credentials.
|
|
valid, err := config.Validator(ctx, cred[:i], cred[i+1:])
|
|
if err != nil {
|
|
ctx.Error(err.Error(), http.StatusBadRequest)
|
|
|
|
return
|
|
}
|
|
|
|
if valid {
|
|
next(ctx)
|
|
|
|
return
|
|
}
|
|
|
|
break
|
|
}
|
|
}
|
|
}
|
|
|
|
realm := DefaultRealm
|
|
if config.Realm != DefaultRealm {
|
|
realm = strconv.Quote(config.Realm)
|
|
}
|
|
|
|
// NOTE(toby3d): require 401 status for login pop-up.
|
|
ctx.SetStatusCode(http.StatusUnauthorized)
|
|
ctx.Response.Header.Set(http.HeaderWWWAuthenticate, basic+" realm="+realm)
|
|
}
|
|
}
|