package middleware import ( "encoding/base64" "net/http" "github.com/labstack/echo" ) type ( BasicValidateFunc func(string, string) bool ) const ( Basic = "Basic" ) // BasicAuth returns an HTTP basic authentication middleware. // // For valid credentials it calls the next handler. // For invalid Authorization header it sends "404 - Bad Request" response. // For invalid credentials, it sends "401 - Unauthorized" response. func BasicAuth(fn BasicValidateFunc) echo.HandlerFunc { return func(c *echo.Context) error { // Skip WebSocket if (c.Request().Header.Get(echo.Upgrade)) == echo.WebSocket { return nil } auth := c.Request().Header.Get(echo.Authorization) l := len(Basic) he := echo.NewHTTPError(http.StatusBadRequest) if len(auth) > l+1 && auth[:l] == Basic { b, err := base64.StdEncoding.DecodeString(auth[l+1:]) if err == nil { cred := string(b) for i := 0; i < len(cred); i++ { if cred[i] == ':' { // Verify credentials if fn(cred[:i], cred[i+1:]) { return nil } he.SetCode(http.StatusUnauthorized) } } } } return he } }