diff --git a/main.go b/main.go index f3a0aa0..39707ac 100644 --- a/main.go +++ b/main.go @@ -1,10 +1,12 @@ package main import ( + "encoding/base64" "errors" "fmt" "io/ioutil" "os" + "strconv" "strings" log "github.com/Sirupsen/logrus" @@ -15,12 +17,58 @@ import ( const sessionHeader = "slide-session" +func Header(c *gin.Context, key string) string { + if values, _ := c.Request.Header[key]; len(values) > 0 { + return values[0] + } + return "" +} + +func BasicAuth() gin.HandlerFunc { + realm := "Authorization Required" + realm = "Basic realm=" + strconv.Quote(realm) + user := os.Getenv("USER") + password := os.Getenv("PASSWORD") + enabled := isEnabled(user, password) + if enabled { + log.Warn("Auth mode enabled") + log.Warn(fmt.Sprintf("Visit http://%s:%s@0.0.0.0:8080", user, password)) + } + return func(c *gin.Context) { + header := Header(c, "Authorization") + if enabled && header != authorizationHeader(user, password) { + // Credentials doesn't match, we return 401 and abort handlers chain. + c.Header("WWW-Authenticate", realm) + c.AbortWithStatus(401) + return + } + c.Next() + } +} + +func isEnabled(user, password string) bool { + switch { + case user == "": + return false + case password == "": + return false + default: + return true + } +} + +func authorizationHeader(user, password string) string { + base := user + ":" + password + return "Basic " + base64.StdEncoding.EncodeToString([]byte(base)) +} + func NewApp() *gin.Engine { r := gin.Default() store := sessions.NewCookieStore([]byte("secret")) r.Use(sessions.Sessions(sessionHeader, store)) + r.Use(BasicAuth()) r.LoadHTMLGlob("templates/*.tmpl") r.Static("/static", "./static")