echo/middleware/auth.go

package middleware

import (
	"encoding/base64"
	"github.com/labstack/echo"
	"net/http"
)

type (
	AuthFunc func(string, string) bool
)

const (
	Basic = "Basic"
)

// BasicAuth returns an HTTP basic authentication middleware. For valid credentials
// it calls the next handler in the chain.

// For invalid Authorization header it sends "404 - Bad Request" response.
// For invalid credentials, it sends "401 - Unauthorized" response.
func BasicAuth(fn AuthFunc) echo.HandlerFunc {
	return func(c *echo.Context) error {
		auth := c.Request().Header.Get(echo.Authorization)
		i := 0
		code := http.StatusBadRequest

		for ; i < len(auth); i++ {
			c := auth[i]
			// Ignore empty spaces
			if c == ' ' {
				continue
			}

			// Check scheme
			if i < len(Basic) {
				// Ignore case
				if i == 0 {
					if c != Basic[i] && c != 'b' {
						break
					}
				} else {
					if c != Basic[i] {
						break
					}
				}
			} else {
				// Extract credentials
				b, err := base64.StdEncoding.DecodeString(auth[i:])
				if err != nil {
					break
				}
				cred := string(b)
				for i := 0; i < len(cred); i++ {
					if cred[i] == ':' {
						// Verify credentials
						if fn(cred[:i], cred[i+1:]) {
							return nil
						}
						code = http.StatusUnauthorized
						break
					}
				}
			}
		}
		return echo.NewHTTPError(code)
	}
}
Adding http basic authentication middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-12 00:43:54 +02:00			`package middleware`

			`import (`
			`"encoding/base64"`
			`"github.com/labstack/echo"`
			`"net/http"`
			`)`

			`type (`
			`AuthFunc func(string, string) bool`
			`)`

			`const (`
			`Basic = "Basic"`
			`)`

Better HTTP status in basic auth middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-21 23:02:29 +02:00			`// BasicAuth returns an HTTP basic authentication middleware. For valid credentials`
			`// it calls the next handler in the chain.`

			`// For invalid Authorization header it sends "404 - Bad Request" response.`
			`// For invalid credentials, it sends "401 - Unauthorized" response.`
Adding http basic authentication middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-12 00:43:54 +02:00			`func BasicAuth(fn AuthFunc) echo.HandlerFunc {`
Refactored Echo.HandlerFunc, added WebSocket support. Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-20 23:38:51 +02:00			`return func(c *echo.Context) error {`
Encapsulated fields and exposed public functions. Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-22 13:40:01 +02:00			`auth := c.Request().Header.Get(echo.Authorization)`
Adding http basic authentication middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-12 00:43:54 +02:00			`i := 0`
Better HTTP status in basic auth middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-21 23:02:29 +02:00			`code := http.StatusBadRequest`
Adding http basic authentication middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-12 00:43:54 +02:00
			`for ; i < len(auth); i++ {`
			`c := auth[i]`
			`// Ignore empty spaces`
			`if c == ' ' {`
			`continue`
			`}`

			`// Check scheme`
Updated auth test Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-12 15:18:49 +02:00			`if i < len(Basic) {`
Adding http basic authentication middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-12 00:43:54 +02:00			`// Ignore case`
			`if i == 0 {`
			`if c != Basic[i] && c != 'b' {`
Better HTTP status in basic auth middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-21 23:02:29 +02:00			`break`
Adding http basic authentication middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-12 00:43:54 +02:00			`}`
			`} else {`
			`if c != Basic[i] {`
Better HTTP status in basic auth middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-21 23:02:29 +02:00			`break`
Adding http basic authentication middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-12 00:43:54 +02:00			`}`
			`}`
			`} else {`
			`// Extract credentials`
			`b, err := base64.StdEncoding.DecodeString(auth[i:])`
			`if err != nil {`
Better HTTP status in basic auth middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-21 23:02:29 +02:00			`break`
Adding http basic authentication middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-12 00:43:54 +02:00			`}`
			`cred := string(b)`
			`for i := 0; i < len(cred); i++ {`
			`if cred[i] == ':' {`
			`// Verify credentials`
Better HTTP status in basic auth middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-21 23:02:29 +02:00			`if fn(cred[:i], cred[i+1:]) {`
			`return nil`
Adding http basic authentication middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-12 00:43:54 +02:00			`}`
Better HTTP status in basic auth middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-21 23:02:29 +02:00			`code = http.StatusUnauthorized`
			`break`
Adding http basic authentication middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-12 00:43:54 +02:00			`}`
			`}`
			`}`
			`}`
Better HTTP status in basic auth middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-21 23:02:29 +02:00			`return echo.NewHTTPError(code)`
Adding http basic authentication middleware Signed-off-by: Vishal Rana <vr@labstack.com> 2015-05-12 00:43:54 +02:00			`}`
			`}`