Add basic-auth handler using lua-pwauth simple password authentication

Includes an example utilising pwauth.pam and a sketchup for pwauth.sasl that still lacks the backend in lua-pwauth.
creationix · Dec 15, 2012 · 02cd1f3 · 02cd1f3
1 parent fda1476
commit 02cd1f3
Show file tree

Hide file tree

Showing 4 changed files with 83 additions and 0 deletions.
diff --git a/.gitmodules b/.gitmodules
@@ -4,3 +4,6 @@
 [submodule "luv"]
 	path = luv
 	url = https://github.com/creationix/luv.git
+[submodule "lua-pwauth"]
+	path = lua-pwauth
+	url = https://github.com/devurandom/lua-pwauth.git
diff --git a/basic-auth.lua b/basic-auth.lua
@@ -0,0 +1,34 @@
+local base64 = require "base64"
+
+return function (app, options)
+	return function (req, res)
+		if req.url.path == options.path then
+			local authorization = req.headers.authorization
+			if not authorization then
+				return res(401,{["Content-Type"] = "text/plain", ["WWW-Authenticate"] = "Basic realm="..options.realm},"Please auth!")
+			end
+
+			local userpass_b64 = authorization:match("Basic%s+(.*)")
+			if not userpass_b64 then
+				return res(400, {["Content-Type"] = "text/plain"}, "Your browser sent a bad Authorization HTTP header!")
+			end
+
+			local userpass = base64.decode(userpass_b64)
+			if not userpass then
+				return res(400, {["Content-Type"] = "text/plain"}, "Your browser sent a bad Authorization HTTP header!")
+			end
+
+			local username, password = userpass:match("([^:]*):(.*)")
+			if not (username and password) then
+				return res(400, {["Content-Type"] = "text/plain"}, "Your browser sent a bad Authorization HTTP header!")
+			end
+
+			local success, err = options.provider:authenticate(username, password)
+			if not success then
+				return res(403,{["Content-Type"] = "text/plain", ["WWW-Authenticate"] = "Basic realm="..options.realm},"<html><body><h1>Auth failed!</h1><p>"..err.."</p></body></html>")
+			end
+		end
+
+		app(req, res)
+	end
+end
diff --git a/lua-pwauth b/lua-pwauth
diff --git a/samples/test-basicauth.lua b/samples/test-basicauth.lua
@@ -0,0 +1,45 @@
+#!/usr/bin/lua
+
+-- Workaround Lua module system for modules loaded by modules:
+package.path = package.path .. ";lua-?/?.lua;lua-pwauth/?.lua"
+package.cpath = package.cpath .. ";lua-?/?.so;lua-pwauth/lua-?/?.so"
+
+local p = require('utils').prettyPrint
+local socketHandler = require('web').socketHandler
+local createServer = require('uv').createServer
+
+local host = os.getenv("IP") or "0.0.0.0"
+local port = os.getenv("PORT") or 8080
+
+local app = function (req, res)
+  res(200, {
+    ["Content-Type"] = "text/plain"
+  }, {"Hello ", "World\n"})
+end
+
+--local sasl = require("pwauth").sasl
+--local provider = sasl.new{application="TEST", service="www", hostname="localhost", realm="TEST", mechanism=sasl.mechanisms.PLAIN}
+
+local pam = require("pwauth").pam
+local provider = pam.new("system-auth")
+
+app = require("basic-auth")(app, {path="/", realm="TEST", provider=provider})
+
+app = require('autoheaders')(app)
+
+app = require('log')(app)
+
+p{app=app}
+
+app({
+  method = "GET",
+  url = { path = "/" },
+  headers = {}
+}, p)
+
+createServer(host, port, socketHandler(app))
+print("http server listening at http://localhost:8080/")
+
+require('luv').run()
+
+print("done.")