Release 1.2.0: Added basic authentication

Author: c4s4

Diff for: CHANGELOG.yml

@@ -1,5 +1,11 @@
 # Semantic changelog: https://github.com/c4s4/changelog
 
+- version: 1.2.0
+  date:    2015-07-28
+  summary: Added basic authentication
+  added:
+  - "Added basic authentication, passing auth file path on command line."
+
 - version: 1.1.0
   date:    2015-07-28
   summary: Added package upload

Diff for: README.md

@@ -34,7 +34,19 @@ Options on command line :
 - *-path* to set the URL path (defaults to *simple*).
 - *-root* to set the directory where packages are living (defaults to current directory).
 - *-shop* to set the URL of the shop for packages that are not found.
+- *-auth* to set the path to the authentication file
 
 The server outputs logs on the terminal. To get help on the console, type `cheeseshop -help`.
 
+The authentication file is made of lines with the username and the MD5 sum of the password separated with a space, such as (for user *foo* with password *bar*):
+
+    foo 37b51d194a7513e45b56f6524f2d51f2
+
+To compute MD5 sum for a given password, in order to fill the authentication file, you may type following command :
+
+    $ echo -n bar | md5sum
+    37b51d194a7513e45b56f6524f2d51f2  -
+
+If no *-auth* option is set on command line, you won't have to authenticate to upload a package to *CheeseShop*.
+
 *Enjoy!*

Diff for: cheeseshop.go

@@ -1,6 +1,8 @@
 package main
 
 import (
+	"bufio"
+	"crypto/md5"
 	"flag"
 	"fmt"
 	"io"
@@ -23,6 +25,9 @@ var port = flag.Int("port", 8000, "The port CheeseShop is listening")
 var path = flag.String("path", "simple", "The URL path")
 var root = flag.String("root", ".", "The root directory for packages")
 var shop = flag.String("shop", "http://pypi.python.org", "Redirection when not found")
+var auth = flag.String("auth", "", "Path to the authentication file")
+
+var users *map[string]string
 
 func listRoot(w http.ResponseWriter, r *http.Request) {
 	log.Printf("Listing root %s", *root)
@@ -74,6 +79,16 @@ func servePackage(dir, file string, w http.ResponseWriter, r *http.Request) {
 }
 
 func copyFile(w http.ResponseWriter, r *http.Request) {
+	if users != nil {
+		u := *users
+		username, password, ok := r.BasicAuth()
+		sum := fmt.Sprintf("%x", md5.Sum([]byte(password)))
+		if !ok || u[username] != sum {
+			log.Printf("Unauthorized access from %s", username)
+			http.Error(w, "Not Authorized", http.StatusUnauthorized)
+			return
+		}
+	}
 	err := r.ParseMultipartForm(100000)
 	if err != nil {
 		http.Error(w, err.Error(), http.StatusInternalServerError)
@@ -122,6 +137,32 @@ func handler(w http.ResponseWriter, r *http.Request) {
 	}
 }
 
+func loadAuthFile(file string) *map[string]string {
+	if file == "" {
+		return nil
+	} else {
+		a := make(map[string]string)
+		f, err := os.Open(file)
+		defer f.Close()
+		if err != nil {
+			log.Fatalf("Error opening authentication file %s", file)
+		}
+		scanner := bufio.NewScanner(f)
+		scanner.Split(bufio.ScanLines)
+		for scanner.Scan() {
+			line := strings.TrimSpace(scanner.Text())
+			if line != "" {
+				parts := strings.Split(line, " ")
+				if len(parts) != 2 {
+					log.Fatalf("Error reading authentication file")
+				}
+				a[parts[0]] = parts[1]
+			}
+		}
+		return &a
+	}
+}
+
 func parseCommandLine() {
 	flag.Parse()
 	absroot, err := filepath.Abs(*root)
@@ -147,6 +188,7 @@ func parseCommandLine() {
 	if *port > 65535 || *port < 0 {
 		log.Fatalf("Bad port number %d", *port)
 	}
+	users = loadAuthFile(*auth)
 }
 
 func main() {