-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathauth.go
95 lines (76 loc) · 2.31 KB
/
auth.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
// Copyright 2020 CleverGo. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be found
// in the LICENSE file.
package middleware
import (
"context"
"net/http"
)
type contextKey int
const (
basicAuthUserKey contextKey = iota
)
// GetBasicAuthUser returns the basic auth username.
func GetBasicAuthUser(r *http.Request) string {
username, _ := r.Context().Value(basicAuthUserKey).(string)
return username
}
// BasicAuthValidate is a function that validate username and password.
type BasicAuthValidate func(username, password string) bool
// BasicAuthOption is a function that apply on basic auth.
type BasicAuthOption func(*basicAuth)
// BasicAuthRealm is an option to sets realm.
func BasicAuthRealm(v string) BasicAuthOption {
return func(ba *basicAuth) {
ba.realm = v
}
}
// BasicAuthErrorHandler is an option to handle validation failed.
func BasicAuthErrorHandler(h http.Handler) BasicAuthOption {
return func(ba *basicAuth) {
ba.errorHandler = h
}
}
type basicAuth struct {
realm string
validate BasicAuthValidate
errorHandler http.Handler
next http.Handler
}
func (ba *basicAuth) handleFailure(w http.ResponseWriter, r *http.Request) {
if ba.errorHandler != nil {
ba.errorHandler.ServeHTTP(w, r)
return
}
http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
}
// ServeHTTP implements http.Handler.
func (ba *basicAuth) ServeHTTP(w http.ResponseWriter, r *http.Request) {
w.Header().Set("WWW-Authenticate", `Basic realm="`+ba.realm+`"`)
username, password, ok := r.BasicAuth()
if !ok || !ba.validate(username, password) {
ba.handleFailure(w, r)
return
}
ctx := context.WithValue(r.Context(), basicAuthUserKey, username)
r = r.WithContext(ctx)
ba.next.ServeHTTP(w, r)
}
// BasicAuth returns a basic auth middleware.
func BasicAuth(validate BasicAuthValidate, opts ...BasicAuthOption) func(http.Handler) http.Handler {
return func(next http.Handler) http.Handler {
return BasicAuthHandler(next, validate, opts...)
}
}
// BasicAuthHandler returns a basic auth handler.
func BasicAuthHandler(next http.Handler, validate BasicAuthValidate, opts ...BasicAuthOption) http.Handler {
ba := &basicAuth{
validate: validate,
realm: "Restricted",
next: next,
}
for _, opt := range opts {
opt(ba)
}
return ba
}