Documentation
¶
Index ¶
- func ParseAuthorizationHeader(r *http.Request) (msg altcha.Message, ok bool)
- func ParseJSON(r *http.Request) error
- func Protect(w http.ResponseWriter, challenge string, addAuthenticateHeader bool) (ok bool)
- func ProtectForm(protected http.Handler) http.Handler
- func ProtectHeader(protected http.Handler) http.Handler
- func ProtectJSON(protected http.Handler) http.Handler
- func ServeJavascript(w http.ResponseWriter, r *http.Request)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ParseAuthorizationHeader ¶
ParseAuthorizationHeader parses an Altcha response from an Authorization header.
func ParseJSON ¶
ParseJSON parses the request body as JSON and stores the result in r.Form.
The request body is capped at 10 MB and parsed as JSON. The parsed values are stored in r.Form.
This is a very basic HTTP request body helper. This is probably fine for proof of concept and passing just a couple of fields, but if you're handling complex JSON structures, you should use a much better solution.
For a more comprehensive solution see; https://www.alexedwards.net/blog/how-to-properly-parse-a-json-request-body
func Protect ¶
func Protect(w http.ResponseWriter, challenge string, addAuthenticateHeader bool) (ok bool)
Protect protects a request using the altcha challenge.
You must parse the request and pass the challenge string to this function.
When the passed in challenge is empty, this function will write a new challenge to the response, with a 200 status code, and return false.
When the passed in challenge is not empty, this function will validate the response and write a 403 status code if the response is invalid, and return false. On successfully validating the challenge, this will return true.
If this function returns false, then a response has been written already, and no further action should be taken for the request.
func ProtectForm ¶
ProtectForm protects a request using the altcha challenge.
The request is parsed using r.ParseForm() and the challenge is read from r.FormValue("altcha"). This supports passing the challenge information in both the body and the URL query string. See r.ParseForm() for more details.
func ProtectHeader ¶
ProtectHeader protects a request using the altcha challenge passed through HTTP headers as defined in the M2M Altcha specification.
This function has slightly different behaviour than the other protect functions. This will respond with either a new challenge, using a 401 status code, or it runs the protected handler. This does not output 200 or 403 status codes.
Challenges are placed in the WWW-Authenticate header, in text format.
Responses are expected to be in the Authorization header, in text format.
func ProtectJSON ¶
ProtectJSON protects a request using the altcha challenge.
The request body is capped at 10 MB and parsed as JSON. The parsed values are stored in r.Form. The challenge is read from r.FormValue("altcha").
func ServeJavascript ¶
func ServeJavascript(w http.ResponseWriter, r *http.Request)
ServeJavascript serves the ALTCHA version 0.1.5 javascript files.
This is the same as the code available from: - https://cdn.jsdelivr.net/npm/altcha@0.1.5/dist/altcha.js - https://github.com/altcha-org/altcha/blob/0.1.5/dist/altcha.js
These files are subject to the ALTCHA license. See altcha.js.license.txt
Types ¶
This section is empty.
Source Files