INFRA-333 Add basic auth

CHANGELOG.md

@@ -4,6 +4,9 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) with the minor change that we use a prefix instead of grouping.
 This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.21.0] - 2025-04-17
+- Added: support added for basic auth
+
 ## [1.20.0] - 2025-04-14
 - Security: dependency and security updates
 - Added: UPX compression

auth.go

@@ -0,0 +1,33 @@
+package main
+
+import (
+	"net/http"
+)
+
+func withBasicAuth(next interface{}) http.Handler {
+	switch h := next.(type) {
+	case http.Handler:
+		return basicAuthHandler(h)
+	case func(http.ResponseWriter, *http.Request):
+		return basicAuthHandler(http.HandlerFunc(h))
+	default:
+		panic("[Auth] unsupported handler type")
+	}
+}
+
+func basicAuthHandler(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		username, password, ok := r.BasicAuth()
+
+		requiredUsername := config.server.authUser
+		requiredPassword := config.server.authPW
+
+		if !ok || username != requiredUsername || password != requiredPassword {
+			w.Header().Set("WWW-Authenticate", `Basic realm="Restricted"`)
+			http.Error(w, "Unauthorized", http.StatusUnauthorized)
+			return
+		}
+
+		next.ServeHTTP(w, r)
+	})
+}

config.go

@@ -33,8 +33,10 @@ type YamlConfig struct {
 
 // YamlServerConfig mapping to Server part
 type YamlServerConfig struct {
-	Host *string `yaml:"host"`
-	Port *int    `yaml:"port"`
+	Host     *string `yaml:"host"`
+	Port     *int    `yaml:"port"`
+	AuthUser *string `yaml:"auth_user"`
+	AuthPW   *string `yaml:"auth_pw"`
 }
 
 // YamlProbeConfig mapping to Probes part
@@ -55,8 +57,10 @@ type YamlProbeConfig []struct {
 
 type internalConfig struct {
 	server struct {
-		host string
-		port int
+		host     string
+		port     int
+		authUser string
+		authPW   string
 	}
 
 	probes map[string]probeType
@@ -160,6 +164,22 @@ func configServer(serverConfig YamlServerConfig, fileName string) {
 
 		config.server.port = *serverConfig.Port
 	}
+
+	if serverConfig.AuthUser != nil {
+		if config.server.authUser != "" {
+			log.Fatalf("Config failure 'authUser' is already set (%s)", fileName)
+		}
+
+		config.server.authUser = *serverConfig.AuthUser
+	}
+
+	if serverConfig.AuthPW != nil {
+		if config.server.authPW != "" {
+			log.Fatalf("Config failure 'authPW' is already set (%s)", fileName)
+		}
+
+		config.server.authPW = *serverConfig.AuthPW
+	}
 }
 
 func configProbes(probesConfig YamlProbeConfig, fileName string) {

config/server.yaml

@@ -3,3 +3,5 @@
 server:
     host: 127.0.0.1     # ip used for listening, remove or leave empty for all available IP addresses
     port: 8501          # port used for listening
+    auth_user: authuser
+    auth_pw: authpw

main.go

@@ -29,9 +29,13 @@ func main() {
 	log.Info("Started on ", addr)
 
 	r := http.NewServeMux()
-
-	r.HandleFunc("/", landingPage)
-	r.Handle("/metrics", promhttp.Handler())
+	if config.server.authUser != "" && config.server.authPW != "" {
+		r.Handle("/", withBasicAuth(landingPage))
+		r.Handle("/metrics", withBasicAuth(promhttp.Handler()))
+	} else {
+		r.HandleFunc("/", landingPage)
+		r.Handle("/metrics", promhttp.Handler())
+	}
 	r.HandleFunc("/probe", probe)
 
 	err := http.ListenAndServe(