|
- package auth
-
- import (
- "encoding/base64"
- "net/http"
- "strings"
-
- "gopkg.in/macaron.v1"
- )
-
- // User is the authenticated username that was extracted from the request.
- type User string
-
- // BasicRealm is used when setting the WWW-Authenticate response header.
- var BasicRealm = "Authorization Required"
- var basicPrefix = "Basic "
-
- // Basic returns a Handler that authenticates via Basic Auth. Writes a http.StatusUnauthorized
- // if authentication fails.
- func Basic(username string, password string) macaron.Handler {
- var siteAuth = base64.StdEncoding.EncodeToString([]byte(username + ":" + password))
- return func(res http.ResponseWriter, req *http.Request, c *macaron.Context) {
- auth := req.Header.Get("Authorization")
- if !SecureCompare(auth, basicPrefix+siteAuth) {
- basicUnauthorized(res)
- return
- }
- c.Map(User(username))
- }
- }
-
- // BasicFunc returns a Handler that authenticates via Basic Auth using the provided function.
- // The function should return true for a valid username/password combination.
- func BasicFunc(authfn func(string, string) bool) macaron.Handler {
- return func(res http.ResponseWriter, req *http.Request, c *macaron.Context) {
- auth := req.Header.Get("Authorization")
- n := len(basicPrefix)
- if len(auth) < n || auth[:n] != basicPrefix {
- basicUnauthorized(res)
- return
- }
- b, err := base64.StdEncoding.DecodeString(auth[n:])
- if err != nil {
- basicUnauthorized(res)
- return
- }
- tokens := strings.SplitN(string(b), ":", 2)
- if len(tokens) != 2 || !authfn(tokens[0], tokens[1]) {
- basicUnauthorized(res)
- return
- }
- c.Map(User(tokens[0]))
- }
- }
-
- func basicUnauthorized(res http.ResponseWriter) {
- res.Header().Set("WWW-Authenticate", "Basic realm=\""+BasicRealm+"\"")
- http.Error(res, "Not Authorized", http.StatusUnauthorized)
- }
|
