package legacy
import (
	"crypto/subtle"
	"errors"
	"net/http"
	"net/url"
	"strings"

	"github.com/na4ma4/jwt-auth-proxy/internal/httpauth"
	"go.uber.org/zap"
	"golang.org/x/crypto/bcrypt"
)
// AuthItem is a single authentication item for use with legacy auth.
type AuthItem struct {
	// Username is the name returned (and written to r.URL.User) when this item
	// authenticates a request; it need not equal the map key it is stored under.
	Username string
	// Password is the stored secret. A value beginning with `$` is compared as a
	// bcrypt hash; any other value is compared as a plaintext secret.
	Password string
}
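// AuthCheckFunc returns an authentication check function for use with `httpauth.BasicAuth()`.
//
// The returned provider consults legacyAuthItems (keyed by username) first.
// When the username is present there, that entry alone decides the request —
// a failed legacy check does not fall through to authProvider. A stored
// password beginning with `$` is verified as a bcrypt hash; any other value is
// compared as a plaintext secret in constant time (a plaintext secret that
// itself starts with `$` can therefore never match). On success r.URL.User is
// set to the item's Username and that name is returned. Usernames absent from
// the map are delegated to authProvider unchanged.
func AuthCheckFunc(
	logger *zap.Logger,
	legacyAuthItems map[string]AuthItem,
	authProvider httpauth.AuthProvider,
) httpauth.AuthProvider {
	return func(username, password string, r *http.Request) (string, bool) {
		// A lookup on a nil or empty map simply misses, so no length guard is needed.
		item, ok := legacyAuthItems[username]
		if !ok {
			return authProvider(username, password, r)
		}

		if !legacyPasswordMatches(logger, username, item.Password, password) {
			logger.Debug("Auth Failure[legacy]", zap.String("username", username))
			return "", false
		}

		r.URL.User = url.User(item.Username)
		return item.Username, true
	}
}

// legacyPasswordMatches reports whether candidate matches the stored secret of a
// legacy auth item. A stored value starting with `$` is treated as a bcrypt
// hash; any other value is treated as a plaintext secret.
func legacyPasswordMatches(logger *zap.Logger, username, stored, candidate string) bool {
	if !strings.HasPrefix(stored, `$`) {
		logger.Debug("Testing auth with plaintext", zap.String("username", username))
		// ConstantTimeCompare avoids leaking how many leading bytes matched; it
		// still returns 0 immediately when the two lengths differ.
		if subtle.ConstantTimeCompare([]byte(candidate), []byte(stored)) == 1 {
			logger.Debug("Auth Success[legacy(plain)]", zap.String("username", username))
			return true
		}
		return false
	}

	logger.Debug("Testing auth with bcrypt", zap.String("username", username))
	err := bcrypt.CompareHashAndPassword([]byte(stored), []byte(candidate))
	if err == nil {
		logger.Debug("Auth Success[legacy(bcrypt)]", zap.String("username", username))
		return true
	}
	// Anything other than a plain mismatch means the stored hash itself is
	// unusable (malformed, too short, unsupported version or cost); surface it
	// so a misconfigured entry is not mistaken for a wrong password.
	if !errors.Is(err, bcrypt.ErrMismatchedHashAndPassword) {
		logger.Warn("Legacy bcrypt hash is invalid", zap.String("username", username), zap.Error(err))
	}
	return false
}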