Macaron middleware/handler for http basic authentication. Modified from https://github.com/martini-contrib/auth
Use auth.Basic
to authenticate against a pre-defined username and password:
import (
"gopkg.in/macaron.v1"
"github.com/go-macaron/auth"
)
func main() {
m := macaron.Classic()
// authenticate every request
m.Use(auth.Basic("username", "secretpassword"))
m.Run()
}
Using auth.BasicFunc
lets you authenticate on a per-user level, by checking
the username and password in the callback function:
import (
"gopkg.in/macaron.v1"
"github.com/go-macaron/auth"
)
func main() {
m := macaron.Classic()
// authenticate every request
m.Use(auth.BasicFunc(func(username, password string) bool {
return username == "admin" && password == "guessme"
}))
m.Run()
}
Note that checking usernames and passwords with string comparison might be
susceptible to timing attacks. To avoid that, use auth.SecureCompare
instead:
m.Use(auth.BasicFunc(func(username, password string) bool {
return auth.SecureCompare(username, "admin") && auth.SecureCompare(password, "guessme")
}))
}
Upon successful authentication, the username is available to all subsequent
handlers via the auth.User
type:
m.Get("/", func(user auth.User) string {
return "Welcome, " + string(user)
})
}