0
Fork 0
mirror of https://github.com/caddyserver/caddy.git synced 2024-12-23 22:27:38 -05:00
caddy/middleware/basicauth/basicauth.go

70 lines
1.7 KiB
Go
Raw Normal View History

2015-04-27 11:56:57 -05:00
// Package basicauth implements HTTP Basic Authentication.
2015-04-23 15:57:07 -05:00
package basicauth
import (
2015-05-30 00:08:01 -05:00
"crypto/subtle"
2015-04-23 15:57:07 -05:00
"net/http"
"github.com/mholt/caddy/middleware"
)
// BasicAuth is middleware to protect resources with a username and password.
// Note that HTTP Basic Authentication is not secure by itself and should
// not be used to protect important assets without HTTPS. Even then, the
// security of HTTP Basic Auth is disputed. Use discretion when deciding
// what to protect with BasicAuth.
type BasicAuth struct {
Next middleware.Handler
Rules []Rule
2015-04-23 15:57:07 -05:00
}
// ServeHTTP implements the middleware.Handler interface.
func (a BasicAuth) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, error) {
2015-05-10 01:20:58 -05:00
var hasAuth bool
var isAuthenticated bool
2015-04-23 15:57:07 -05:00
for _, rule := range a.Rules {
for _, res := range rule.Resources {
if !middleware.Path(r.URL.Path).Matches(res) {
continue
}
// Path matches; parse auth header
username, password, ok := r.BasicAuth()
2015-05-10 01:20:58 -05:00
hasAuth = true
2015-04-23 15:57:07 -05:00
// Check credentials
2015-05-30 00:08:01 -05:00
if !ok ||
username != rule.Username ||
subtle.ConstantTimeCompare([]byte(password), []byte(rule.Password)) != 1 {
2015-05-10 01:20:58 -05:00
continue
2015-04-23 15:57:07 -05:00
}
2015-05-30 00:08:01 -05:00
// Flag set only on successful authentication
2015-05-10 01:20:58 -05:00
isAuthenticated = true
}
}
2015-05-24 21:52:34 -05:00
2015-05-10 01:20:58 -05:00
if hasAuth {
if !isAuthenticated {
w.Header().Set("WWW-Authenticate", "Basic")
return http.StatusUnauthorized, nil
2015-04-23 15:57:07 -05:00
}
2015-05-24 21:52:34 -05:00
// "It's an older code, sir, but it checks out. I was about to clear them."
return a.Next.ServeHTTP(w, r)
2015-04-23 15:57:07 -05:00
}
// Pass-thru when no paths match
return a.Next.ServeHTTP(w, r)
}
// Rule represents a BasicAuth rule. A username and password
// combination protect the associated resources, which are
// file or directory paths.
type Rule struct {
Username string
Password string
Resources []string
}