56 wiersze
1,2 KiB
Go
56 wiersze
1,2 KiB
Go
package auth
|
|
|
|
import (
|
|
"encoding/base64"
|
|
"fmt"
|
|
"os"
|
|
"strconv"
|
|
|
|
"github.com/gin-gonic/gin"
|
|
log "github.com/sirupsen/logrus"
|
|
)
|
|
|
|
func Header(c *gin.Context, key string) string {
|
|
if values, _ := c.Request.Header[key]; len(values) > 0 {
|
|
return values[0]
|
|
}
|
|
return ""
|
|
}
|
|
|
|
func BasicAuth() gin.HandlerFunc {
|
|
realm := "Authorization Required"
|
|
realm = "Basic realm=" + strconv.Quote(realm)
|
|
user := os.Getenv("USER")
|
|
password := os.Getenv("PASSWORD")
|
|
enabled := isEnabled(user, password)
|
|
if enabled {
|
|
log.Warn("Auth mode enabled")
|
|
log.Warn(fmt.Sprintf("Visit http://%s:%s@0.0.0.0:8080", user, password))
|
|
}
|
|
return func(c *gin.Context) {
|
|
header := Header(c, "Authorization")
|
|
if enabled && header != authorizationHeader(user, password) {
|
|
// Credentials doesn't match, we return 401 and abort handlers chain.
|
|
c.Header("WWW-Authenticate", realm)
|
|
c.AbortWithStatus(401)
|
|
return
|
|
}
|
|
c.Next()
|
|
}
|
|
}
|
|
|
|
func isEnabled(user, password string) bool {
|
|
switch {
|
|
case user == "":
|
|
return false
|
|
case password == "":
|
|
return false
|
|
default:
|
|
return true
|
|
}
|
|
}
|
|
|
|
func authorizationHeader(user, password string) string {
|
|
base := user + ":" + password
|
|
return "Basic " + base64.StdEncoding.EncodeToString([]byte(base))
|
|
}
|