Add support for http basic authentication

Change-Id: Ib5406e3cae876e1262f8e214e3eebaf86c3c4a6e
cloudfoundry · Oct 9, 2012 · a2f6f5b · a2f6f5b
1 parent ea85aca
commit a2f6f5b
Show file tree

Hide file tree

Showing 4 changed files with 134 additions and 1 deletion.
diff --git a/config.go b/config.go
@@ -7,4 +7,7 @@ type Config struct {
 	Port  int
 
 	EnableLOC bool
+
+	User     string
+	Password string
 }
diff --git a/http_auth.go b/http_auth.go
@@ -0,0 +1,29 @@
+package steno
+
+import (
+	"encoding/base64"
+	"net/http"
+	"strings"
+)
+
+func checkAuth(req *http.Request, user string, password string) bool {
+
+	if user == "" && password == "" {
+		return true
+	}
+
+	authParts := strings.Split(req.Header.Get("Authorization"), " ")
+	if len(authParts) != 2 || authParts[0] != "Basic" {
+		return false
+	}
+	code, err := base64.StdEncoding.DecodeString(authParts[1])
+	if err != nil {
+		return false
+	}
+	userPass := strings.Split(string(code), ":")
+	if len(userPass) != 2 || userPass[0] != user || userPass[1] != password {
+		return false
+	}
+
+	return true
+}
diff --git a/http_auth_test.go b/http_auth_test.go
@@ -0,0 +1,83 @@
+package steno
+
+import (
+	"fmt"
+	. "launchpad.net/gocheck"
+	"net/http"
+	"net/http/httptest"
+)
+
+type HttpAuthSuite struct {
+	basicAuth *BasicAuth
+}
+
+var _ = Suite(&HttpAuthSuite{})
+
+func (s *HttpAuthSuite) SetUpSuite(c *C) {
+	mux := http.NewServeMux()
+	mux.HandleFunc(HTTP_REGEXP_PATH, regExpHandler)
+	mux.HandleFunc(HTTP_LOGGER_PATH, loggerHandler)
+	mux.HandleFunc(HTTP_LIST_LOGGERS_PATH, loggersListHandler)
+
+	s.basicAuth = &BasicAuth{
+		handler: mux,
+	}
+
+	cfg := Config{}
+	cfg.User = "jeff"
+	cfg.Password = "li"
+	cfg.Sinks = []Sink{newNullSink()}
+	Init(&cfg)
+}
+
+func (s *HttpAuthSuite) TearDownSuite(c *C) {
+	config = Config{}
+
+	s.basicAuth = nil
+}
+
+func (s *HttpAuthSuite) SetUpTest(c *C) {
+	loggers = make(map[string]*BaseLogger)
+}
+
+func (s *HttpAuthSuite) TearDownTest(c *C) {
+	loggerRegexp = nil
+	loggerRegexpLevel = nil
+
+	loggers = nil
+}
+
+func testGetMethodStatusCode(req *http.Request, c *C) {
+	r, _ := http.DefaultClient.Do(req)
+	c.Assert(r.StatusCode, Equals, http.StatusUnauthorized)
+
+	req.SetBasicAuth("jeff", "li")
+	r, _ = http.DefaultClient.Do(req)
+	c.Assert(r.StatusCode, Equals, http.StatusOK)
+}
+
+func (s *HttpAuthSuite) TestGetRegexpWithAuth(c *C) {
+	ts := httptest.NewServer(s.basicAuth)
+	defer ts.Close()
+
+	req, _ := http.NewRequest("GET", fmt.Sprintf("%s%s", ts.URL, HTTP_REGEXP_PATH), nil)
+	testGetMethodStatusCode(req, c)
+}
+
+func (s *HttpAuthSuite) TestGetLoggerWithAuth(c *C) {
+	ts := httptest.NewServer(s.basicAuth)
+	defer ts.Close()
+
+	NewLogger("foobar")
+
+	req, _ := http.NewRequest("GET", fmt.Sprintf("%s%s%s", ts.URL, HTTP_LOGGER_PATH, "foobar"), nil)
+	testGetMethodStatusCode(req, c)
+}
+
+func (s *HttpAuthSuite) TestGetLoggersWithAuth(c *C) {
+	ts := httptest.NewServer(s.basicAuth)
+	defer ts.Close()
+
+	req, _ := http.NewRequest("GET", fmt.Sprintf("%s%s", ts.URL, HTTP_LIST_LOGGERS_PATH), nil)
+	testGetMethodStatusCode(req, c)
+}
diff --git a/http_handler.go b/http_handler.go
@@ -99,16 +99,34 @@ func loggersListHandler(w http.ResponseWriter, r *http.Request) {
 	}
 }
 
+type BasicAuth struct {
+	handler http.Handler
+}
+
+func (a *BasicAuth) ServeHTTP(w http.ResponseWriter, req *http.Request) {
+	if !checkAuth(req, config.User, config.Password) {
+		w.Header().Set("WWW-Authenticate", "Basic")
+		w.WriteHeader(http.StatusUnauthorized)
+		w.Write([]byte("401 Unauthorized\n"))
+	} else {
+		a.handler.ServeHTTP(w, req)
+	}
+}
+
 func initHttpServer(port int) {
 	mux := http.NewServeMux()
 
 	mux.HandleFunc(HTTP_REGEXP_PATH, regExpHandler)
 	mux.HandleFunc(HTTP_LOGGER_PATH, loggerHandler)
 	mux.HandleFunc(HTTP_LIST_LOGGERS_PATH, loggersListHandler)
 
+	basicAuth := &BasicAuth{
+		handler: mux,
+	}
+
 	server := &http.Server{
 		Addr:    fmt.Sprintf(":%d", port),
-		Handler: mux,
+		Handler: basicAuth,
 	}
 
 	go server.ListenAndServe()