1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
|
# goji/httpauth [](https://godoc.org/github.com/goji/httpauth) [](https://travis-ci.org/goji/httpauth)
`httpauth` currently provides [HTTP Basic Authentication middleware](http://tools.ietf.org/html/rfc2617) for Go. It is compatible with Go's own `net/http`, [goji](https://goji.io), Gin & anything that speaks the `http.Handler` interface.
## Example
`httpauth` provides a `SimpleBasicAuth` function to get you up and running. Particularly ideal for development servers.
Note that HTTP Basic Authentication credentials are sent over the wire "in the clear" (read: plaintext!) and therefore should not be considered a robust way to secure a HTTP server. If you're after that, you'll need to use SSL/TLS ("HTTPS") at a minimum.
### Install It
```sh
$ go get github.com/goji/httpauth
```
### Goji v2
#### Simple Usage
The fastest and simplest way to get started using `httpauth` is to use the
`SimpleBasicAuth` function.
```go
package main
import(
"net/http"
"goji.io"
)
func main() {
mux := goji.NewMux()
mux.Use(httpauth.SimpleBasicAuth("dave", "somepassword"))
mux.Use(SomeOtherMiddleware)
// YourHandler now requires HTTP Basic Auth
mux.Handle(pat.Get("/some-route"), YourHandler))
log.Fatal(http.ListenAndServe("localhost:8000", mux))
}
```
#### Advanced Usage
For more control over the process, pass a `AuthOptions` struct to `BasicAuth` instead. This allows you to:
* Configure the authentication realm.
* Provide your own UnauthorizedHandler (anything that satisfies `http.Handler`) so you can return a better looking 401 page.
* Define a custom authentication function, which is discussed in the next section.
```go
func main() {
authOpts := httpauth.AuthOptions{
Realm: "DevCo",
User: "dave",
Password: "plaintext!",
UnauthorizedHandler: myUnauthorizedHandler,
}
mux := goji.NewMux()
mux.Use(BasicAuth(authOpts))
mux.Use(SomeOtherMiddleware)
mux.Handle(pat.Get("/some-route"), YourHandler))
log.Fatal(http.ListenAndServe("localhost:8000", mux))
}
```
#### Custom Authentication Function
`httpauth` will accept a custom authentication function.
Normally, you would not set `AuthOptions.User` nor `AuthOptions.Password` in this scenario.
You would instead validate the given credentials against an external system such as a database.
The contrived example below is for demonstration purposes only.
```go
func main() {
authOpts := httpauth.AuthOptions{
Realm: "DevCo",
AuthFunc: myAuthFunc,
UnauthorizedHandler: myUnauthorizedHandler,
}
mux := goji.NewMux()
mux.Use(BasicAuth(authOpts))
mux.Use(SomeOtherMiddleware)
mux.Handle(pat.Get("/some-route"), YourHandler))
log.Fatal(http.ListenAndServe("localhost:8000", mux))
}
// myAuthFunc is not secure. It checks to see if the password is simply
// the username repeated three times.
func myAuthFunc(user, pass string, r *http.Request) bool {
return pass == strings.Repeat(user, 3)
}
```
### gorilla/mux
Since it's all `http.Handler`, `httpauth` works with [gorilla/mux](https://github.com/gorilla/mux) (and most other routers) as well:
```go
package main
import (
"net/http"
"github.com/goji/httpauth"
"github.com/gorilla/mux"
)
func main() {
r := mux.NewRouter()
r.HandleFunc("/", YourHandler)
http.Handle("/", httpauth.SimpleBasicAuth("dave", "somepassword")(r))
http.ListenAndServe(":7000", nil)
}
func YourHandler(w http.ResponseWriter, r *http.Request) {
w.Write([]byte("Gorilla!\n"))
}
```
### net/http
If you're using vanilla `net/http`:
```go
package main
import(
"net/http"
"github.com/goji/httpauth"
)
func main() {
http.Handle("/", httpauth.SimpleBasicAuth("dave", "somepassword")(http.HandlerFunc(YourHandler)))
http.ListenAndServe(":7000", nil)
}
```
## Contributing
Send a pull request! Note that features on the (informal) roadmap include HTTP Digest Auth.
## License
MIT Licensed. See the LICENSE file for details.
|
