add http-basic auth reading from a file

[andyroyle]

Taking implementation cues from #166 I've made an implementation of http basic auth on a per-route basis.

The auth schemes need to be registered with fabio up-front using

proxy.auth = name=mybasicauth;type=basic;file=path/to/file

You then configure your route specifying auth=mybasicauth in the route options.

You can configure multiple auth schemes side-by-side

proxy.auth = name=mybasicauth;type=basic;file=path/to/file;realm=foo
                      name=myotherauth;type=basic;file=path/to/other/file

Currently it uses http basic auth, which reads a single htpasswd file at startup from a file on disk.

If you specify an auth-scheme that doesn't exist then it will log and error in fabio and return a 401 Unauthorized response.

You can optionally set the realm (default is to use the auth name parameter)

[aaronhurt]

Thoughts of supporting htpasswd format for the file?

[andyroyle]

Dead easy to add, do we want to make htpasswd the default for basic auth?

[aaronhurt]

I would lean to making that default. The tooling to create htpasswd files is already present on most *nix systems and users of a load balancer are probably familiar with them and know how to create/manage those files. What do you think?

Sideline: Thanks for picking up the torch on that old issue.

[andyroyle]

Htpasswd is pretty standard stuff. Will make the changes first thing Monday 👍

[aaronhurt]

Awesome, and thank you again!

[magiconair]

Thank you and yes to htpasswd.

[andyroyle]

@magiconair / @leprechau htpasswd support added.

Also added support for an optional realm (used in the WWW-Authenticate: Basic realm="<realm>" response)

[andyroyle]

So I vendored in a new library, which depends on golang.org/x/crypt but it seems to have brought with it updates to golang.org/x/net and golang.org/x/text, yet go.mod only shows a single change. Colour me confused.

[shantanugadgil]

I stumbled upon this, and I wonder if it would solve my use case?
(Looking at the diff it seems so, based on the explanation, atleast)

My use case it to provide an "https + password" frontend to the Consul/Nomad GUI via Fabio.
Currently, I am making do with HAProxy http basic auth on a separate port.

Eagerly looking forward to this getting merged. 👏 👏

[andyroyle]

@shantanugadgil this is exactly what we are using it for as well 😄

[aaronhurt]

@andyroyle Sorry for the delay, just getting caught back up after a short vacation. I'll try to give this a review today.

[magiconair]

Some minor nitpicks. Otherwise LGTM. Thanks a lot!

[magiconair]

@andyroyle can you rebase this, please? Then I'll merge it.

[andyroyle]

@magiconair thanks for the review (and for merging #575). I've fixed those issues and also rebased on top of master, so this should be good-to-go now.