From 2be7f11e572f67bb438394ca8b545c5f61075040 Mon Sep 17 00:00:00 2001
From: Alex Myasoedov
Date: Thu, 18 Jan 2018 20:22:15 -0500
Subject: [PATCH] Auth module
---
 auth/auth.go | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 main.go | 50 ++--------------------------------------------
 2 files changed, 58 insertions(+), 48 deletions(-)
 create mode 100644 auth/auth.go
diff --git a/auth/auth.go b/auth/auth.go
new file mode 100644
index 0000000..c384a40
--- /dev/null
+++ b/auth/auth.go
@@ -0,0 +1,56 @@
+package auth
+
+import (
+ "encoding/base64"
+ "fmt"
+ "os"
+ "strconv"
+
+ log "github.com/Sirupsen/logrus"
+ "github.com/gin-gonic/gin"
+)
+
+func Header(c *gin.Context, key string) string {
+ if values, _ := c.Request.Header[key]; len(values) > 0 {
+ return values[0]
+ }
+ return ""
+}
+
+func BasicAuth() gin.HandlerFunc {
+ realm := "Authorization Required"
+ realm = "Basic realm=" + strconv.Quote(realm)
+ user := os.Getenv("USER")
+ password := os.Getenv("PASSWORD")
+ enabled := isEnabled(user, password)
+ if enabled {
+ log.Warn("Auth mode enabled")
+ log.Warn(fmt.Sprintf("Visit http://%s:%s@0.0.0.0:8080", user, password))
+ }
+ return func(c *gin.Context) {
+ header := Header(c, "Authorization")
+ if enabled && header != authorizationHeader(user, password) {
+ // Credentials doesn't match, we return 401 and abort handlers chain.
+ c.Header("WWW-Authenticate", realm)
+ c.AbortWithStatus(401)
+ return
+ }
+ c.Next()
+ }
+}
+
+func isEnabled(user, password string) bool {
+ switch {
+ case user == "":
+ return false
+ case password == "":
+ return false
+ default:
+ return true
+ }
+}
+
+func authorizationHeader(user, password string) string {
+ base := user + ":" + password
+ return "Basic " + base64.StdEncoding.EncodeToString([]byte(base))
+}
diff --git a/main.go b/main.go
index 6669046..1f6ca11 100644
--- a/main.go
+++ b/main.go
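Review bot: `BasicAuth` in auth/auth.go writes the configured password to the log in clear text through `log.Warn(fmt.Sprintf("Visit http://%s:%s@0.0.0.0:8080", user, password))`, so anyone who can read process output or a log aggregator obtains the credential. Log only that auth is on, for example `log.Warnf("Auth mode enabled for user %q", user)`. The handler also checks the header with `!=`, which is not a constant-time comparison; computing the expected value once outside the closure and testing `subtle.ConstantTimeCompare([]byte(header), []byte(expected)) != 1` (package `crypto/subtle`) avoids that and saves re-encoding on every request. The username comes from `USER`, which login shells usually set already, so it looks like auth turns on as soon as `PASSWORD` is defined; a doc comment on `BasicAuth` should say so.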
@@ -1,68 +1,22 @@
 package main
 import (
- "encoding/base64"
 "errors"
 "fmt"
 "io/ioutil"
 "os"
- "strconv"
 "strings"
 log "github.com/Sirupsen/logrus"
 haikunator "github.com/atrox/haikunatorgo"
 "github.com/gin-contrib/sessions"
 "github.com/gin-gonic/gin"
+ "github.com/msoedov/hacker-slides/auth"
 "github.com/msoedov/hacker-slides/files"
 )
 const sessionHeader = "slide-session"
-func Header(c *gin.Context, key string) string {
- if values, _ := c.Request.Header[key]; len(values) > 0 {
- return values[0]
- }
- return ""
-}
-
-func BasicAuth() gin.HandlerFunc {
- realm := "Authorization Required"
- realm = "Basic realm=" + strconv.Quote(realm)
- user := os.Getenv("USER")
- password := os.Getenv("PASSWORD")
- enabled := isEnabled(user, password)
- if enabled {
- log.Warn("Auth mode enabled")
- log.Warn(fmt.Sprintf("Visit http://%s:%s@0.0.0.0:8080", user, password))
- }
- return func(c *gin.Context) {
- header := Header(c, "Authorization")
- if enabled && header != authorizationHeader(user, password) {
- // Credentials doesn't match, we return 401 and abort handlers chain.
- c.Header("WWW-Authenticate", realm)
- c.AbortWithStatus(401)
- return
- }
- c.Next()
- }
-}
-
-func isEnabled(user, password string) bool {
- switch {
- case user == "":
- return false
- case password == "":
- return false
- default:
- return true
- }
-}
-
-func authorizationHeader(user, password string) string {
- base := user + ":" + password
- return "Basic " + base64.StdEncoding.EncodeToString([]byte(base))
-}
-
 func SlidePath(name string) string {
 return fmt.Sprintf("slides/%s.md", name)
 }
@@ -73,7 +27,7 @@ func NewApp() *gin.Engine {
 store := sessions.NewCookieStore([]byte("secret"))
 r.Use(sessions.Sessions(sessionHeader, store))
- r.Use(BasicAuth())
+ r.Use(auth.BasicAuth())
 r.LoadHTMLGlob("templates/*.tmpl")
 r.Static("/static", "./static")