Adding http basic authentication middleware

Signed-off-by: Vishal Rana <vr@labstack.com>
2024-11-24 08:22:21 +02:00 · 2015-05-11 15:43:54 -07:00 · 2015-05-11 15:43:54 -07:00 · 69a97671ad
commit 69a97671ad
parent 8ace8e2143
4 changed files with 125 additions and 0 deletions
--- a/echo.go
+++ b/echo.go
@ -79,6 +79,7 @@ const (

 	ApplicationJSON     = "application/json"
 	ApplicationProtobuf = "application/protobuf"
+	ApplicationMsgpack  = "application/msgpack"
 	TextPlain           = "text/plain"
 	TextHTML            = "text/html"
 	ApplicationForm     = "application/x-www-form-urlencoded"
@ -92,6 +93,7 @@ const (
 	ContentDisposition = "Content-Disposition"
 	ContentLength      = "Content-Length"
 	ContentType        = "Content-Type"
+	Authorization      = "Authorization"
 )

 var (
--- a/middleware/auth.go
+++ b/middleware/auth.go
@ -0,0 +1,64 @@
+package middleware
+
+import (
+	"encoding/base64"
+	"github.com/labstack/echo"
+	"net/http"
+)
+
+type (
+	AuthFunc func(string, string) bool
+)
+
+const (
+	Basic = "Basic"
+)
+
+// BasicAuth provides HTTP basic authentication middleware.
+func BasicAuth(fn AuthFunc) echo.HandlerFunc {
+	return func(c *echo.Context) (he *echo.HTTPError) {
+		auth := c.Request.Header.Get(echo.Authorization)
+		i := 0
+		l := len(Basic)
+		he = &echo.HTTPError{Code: http.StatusUnauthorized}
+
+		for ; i < len(auth); i++ {
+			c := auth[i]
+			// Ignore empty spaces
+			if c == ' ' {
+				continue
+			}
+
+			// Check scheme
+			if i < l {
+				// Ignore case
+				if i == 0 {
+					if c != Basic[i] && c != 'b' {
+						return
+					}
+				} else {
+					if c != Basic[i] {
+						return
+					}
+				}
+			} else {
+				// Extract credentials
+				b, err := base64.StdEncoding.DecodeString(auth[i:])
+				if err != nil {
+					return
+				}
+				cred := string(b)
+				for i := 0; i < len(cred); i++ {
+					if cred[i] == ':' {
+						// Verify credentials
+						if !fn(cred[:i], cred[i+1:]) {
+							return
+						}
+						return nil
+					}
+				}
+			}
+		}
+		return nil
+	}
+}
--- a/middleware/auth_test.go
+++ b/middleware/auth_test.go
@ -0,0 +1,58 @@
+package middleware
+
+import (
+	"encoding/base64"
+	"github.com/labstack/echo"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+)
+
+func TestBasicAuth(t *testing.T) {
+	req, _ := http.NewRequest(echo.POST, "/", nil)
+	res := &echo.Response{Writer: httptest.NewRecorder()}
+	c := echo.NewContext(req, res, echo.New())
+	fn := func(u, p string) bool {
+		if u == "joe" && p == "secret" {
+			return true
+		}
+		return false
+	}
+	b := BasicAuth(fn)
+
+	//-------------------
+	// Valid credentials
+	//-------------------
+
+	auth := Basic + " " + base64.StdEncoding.EncodeToString([]byte("joe:secret"))
+	req.Header.Set(echo.Authorization, auth)
+	if b(c) != nil {
+		t.Error("basic auth should pass")
+	}
+
+	// Case insensitive
+	auth = "basic " + base64.StdEncoding.EncodeToString([]byte("joe:secret"))
+	req.Header.Set(echo.Authorization, auth)
+	if b(c) != nil {
+		t.Error("basic auth should ignore case and pass")
+	}
+
+	//---------------------
+	// Invalid credentials
+	//---------------------
+
+	auth = Basic + "  " + base64.StdEncoding.EncodeToString([]byte(" joe: secret"))
+	req.Header.Set(echo.Authorization, auth)
+	b = BasicAuth(fn)
+	if b(c) == nil {
+		t.Error("basic auth should fail")
+	}
+
+	// Invalid scheme
+	auth = "foo " + base64.StdEncoding.EncodeToString([]byte(" joe: secret"))
+	req.Header.Set(echo.Authorization, auth)
+	b = BasicAuth(fn)
+	if b(c) == nil {
+		t.Error("basic auth should fail for invalid scheme")
+	}
+}
--- a/middleware/middleware.go
+++ b/middleware/middleware.go
@ -0,0 +1 @@
+package middleware