feat(security): add http basic auth
Showing
6 changed files
with
165 additions
and
11 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
package auth | ||
|
||
import "net/http" | ||
|
||
// Method an interface describing an authentication method | ||
type Method interface { | ||
// Called after ParseParam method. | ||
// auth.Method should initialize itself here and get ready to receive requests. | ||
// Logger has been initialized so it is safe to call logger methods here. | ||
Init(debug bool) | ||
// Return Method Usage Info | ||
Usage() string | ||
// Parse the parameter passed through the -authparam flag | ||
// Logger is not initialized at this state so do NOT call logger methods | ||
// If the parameter is unacceptable, return an error and main should exit | ||
ParseParam(string) error | ||
// Return a middleware to handle connections. | ||
Middleware() func(http.Handler) http.Handler | ||
} | ||
|
||
var ( | ||
// AvailableMethods Returns a map of available auth methods | ||
AvailableMethods = map[string]Method{ | ||
"none": new(noAuth), | ||
"basic": new(basicAuth), | ||
} | ||
) |
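Review bot: The comment on `AvailableMethods` says it "Returns a map", but it is an exported, mutable package variable holding one shared instance per method, so any importing package can replace an entry and `ParseParam` writes credentials into that shared instance. I would document that explicitly, for example `// AvailableMethods maps an auth method name to its shared Method instance; treat it as read-only after start-up.`, or keep the map unexported behind a lookup function. The comments inside `Method` should also start with the method name, per Go doc convention, e.g. `// ParseParam parses the value of the -authparam flag; the logger is not initialized yet, so it must not log.` Since `ParseParam` receives the raw secret, the contract could also state that implementations must not echo the parameter in the returned error.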
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
package auth | ||
|
||
import ( | ||
"errors" | ||
"fmt" | ||
"net/http" | ||
"strings" | ||
|
||
"github.com/ncarlier/webhookd/pkg/logger" | ||
) | ||
|
||
type basicAuth struct { | ||
username string | ||
password string | ||
authheader string | ||
} | ||
|
||
func (c *basicAuth) Init(_ bool) {} | ||
|
||
func (c *basicAuth) Usage() string { | ||
return "HTTP Basic Auth. Usage: -auth basic -authparam <username>:<password>[:<realm>] (example: -auth basic -auth-param foo:bar)" | ||
} | ||
|
||
func (c *basicAuth) ParseParam(param string) error { | ||
res := strings.Split(param, ":") | ||
realm := "Authentication required." | ||
switch len(res) { | ||
case 3: | ||
realm = res[2] | ||
fallthrough | ||
case 2: | ||
c.username, c.password = res[0], res[1] | ||
c.authheader = fmt.Sprintf("Basic realm=\"%s\"", realm) | ||
return nil | ||
} | ||
return errors.New("Invalid Auth param") | ||
|
||
} | ||
|
||
// BasicAuth HTTP Basic Auth implementation | ||
func (c *basicAuth) Middleware() func(http.Handler) http.Handler { | ||
return func(next http.Handler) http.Handler { | ||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { | ||
if username, password, ok := r.BasicAuth(); ok && username == c.username && password == c.password { | ||
logger.Info.Printf("HTTP Basic Auth: %s PASSED\n", username) | ||
next.ServeHTTP(w, r) | ||
} else if !ok { | ||
logger.Debug.Println("HTTP Basic Auth: Auth header not present.") | ||
w.Header().Add("WWW-Authenticate", c.authheader) | ||
w.WriteHeader(401) | ||
w.Write([]byte("Authentication required.")) | ||
} else { | ||
logger.Warning.Printf("HTTP Basic Auth: Invalid credentials for username %s\n", username) | ||
w.WriteHeader(403) | ||
w.Write([]byte("Forbidden.")) | ||
} | ||
}) | ||
} | ||
} |
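Review bot: The credential check in `Middleware` compares the client-supplied username and password with `==`, which stops at the first differing byte, so response timing can leak how much of the secret matched. Both fields should be compared unconditionally with `subtle.ConstantTimeCompare` (the file would need to import `crypto/subtle`), as sketched below. That function still returns early on a length mismatch, so hashing both sides to a fixed length first would hide the length as well. The two log calls print the client-controlled username with `%s`; `%q` keeps embedded newlines from forging log lines. In `ParseParam`, `-authparam ":"` yields an empty username and password that any client can present, and a password containing `:` is silently truncated with the remainder taken as the realm, so empty fields should be rejected and the colon restriction stated in `Usage`.

```go
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
	username, password, ok := r.BasicAuth()
	if !ok {
		// … unchanged: debug log and 401 challenge with WWW-Authenticate …
		return
	}
	// Evaluate both comparisons before branching so timing does not
	// reveal which field failed or how long a prefix matched.
	userOK := subtle.ConstantTimeCompare([]byte(username), []byte(c.username))
	passOK := subtle.ConstantTimeCompare([]byte(password), []byte(c.password))
	if userOK&passOK != 1 {
		// %q escapes control characters in the client-supplied name.
		logger.Warning.Printf("HTTP Basic Auth: Invalid credentials for username %q\n", username)
		// … unchanged: 403 response …
		return
	}
	logger.Info.Printf("HTTP Basic Auth: %q PASSED\n", username)
	next.ServeHTTP(w, r)
})
```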
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
package auth | ||
|
||
import ( | ||
"net/http" | ||
) | ||
|
||
type noAuth struct { | ||
} | ||
|
||
func (c *noAuth) Usage() string { | ||
return "No Auth. Usage: -auth none" | ||
} | ||
|
||
func (c *noAuth) Init(_ bool) {} | ||
|
||
func (c *noAuth) ParseParam(_ string) error { | ||
return nil | ||
} | ||
|
||
// NoAuth A Nop Auth middleware | ||
func (c *noAuth) Middleware() func(http.Handler) http.Handler { | ||
return func(h http.Handler) http.Handler { | ||
return h | ||
} | ||
} |
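Review bot: `noAuth.Init` is empty, so a deployment running with `-auth none` gives no sign in its logs that every request is accepted unauthenticated. The `Method` contract says the logger is ready when `Init` is called, so a single warning there would make the open configuration visible to operators, e.g. `logger.Warning.Println("authentication disabled: all requests are accepted")` (this file would need to import the project's logger package, and the message text is only a suggestion). The comment on `Middleware` should also start with the method name, e.g. `// Middleware returns a pass-through middleware that performs no authentication.`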