go-http-auth: github.com/abbot/go-http-auth Index | Files

package auth

import "github.com/abbot/go-http-auth"

Package auth is an implementation of HTTP Basic and HTTP Digest authentication.

Index

Package Files

auth.go basic.go digest.go md5crypt.go misc.go users.go

Constants

const (
    DefaultClientCacheSize      = 1000
    DefaultClientCacheTolerance = 100
)

Default values for ClientCacheSize and ClientCacheTolerance for DigestAuth

const AuthUsernameHeader = "X-Authenticated-Username"

AuthUsernameHeader is the header set by JustCheck functions. It contains an authenticated username (if authentication was successful).

Variables

var (
    // NormalHeaders are the regular Headers used by an HTTP Server for
    // request authentication.
    NormalHeaders = &Headers{
        Authenticate:      "WWW-Authenticate",
        Authorization:     "Authorization",
        AuthInfo:          "Authentication-Info",
        UnauthCode:        http.StatusUnauthorized,
        UnauthContentType: "text/plain",
        UnauthResponse:    fmt.Sprintf("%d %s\n", http.StatusUnauthorized, http.StatusText(http.StatusUnauthorized)),
    }

    // ProxyHeaders are Headers used by an HTTP Proxy server for proxy
    // access authentication.
    ProxyHeaders = &Headers{
        Authenticate:      "Proxy-Authenticate",
        Authorization:     "Proxy-Authorization",
        AuthInfo:          "Proxy-Authentication-Info",
        UnauthCode:        http.StatusProxyAuthRequired,
        UnauthContentType: "text/plain",
        UnauthResponse:    fmt.Sprintf("%d %s\n", http.StatusProxyAuthRequired, http.StatusText(http.StatusProxyAuthRequired)),
    }
)

func CheckSecret Uses

func CheckSecret(password, secret string) bool

CheckSecret returns true if the password matches the encrypted secret.

func DigestAuthParams Uses

func DigestAuthParams(authorization string) map[string]string

DigestAuthParams parses Authorization header from the http.Request. Returns a map of auth parameters or nil if the header is not a valid parsable Digest auth header.

func H Uses

func H(data string) string

H function for MD5 algorithm (returns a lower-case hex MD5 digest)

func JustCheck Uses

func JustCheck(auth AuthenticatorInterface, wrapped http.HandlerFunc) http.HandlerFunc

JustCheck returns a new http.HandlerFunc, which requires authenticator to successfully authenticate a user before calling wrapped http.HandlerFunc.

func MD5Crypt Uses

func MD5Crypt(password, salt, magic []byte) []byte

MD5Crypt is the MD5 password crypt implementation.

func ParseList Uses

func ParseList(value string) []string

ParseList parses a comma-separated list of values as described by RFC 2068 and returns list elements.

Lifted from https://code.google.com/p/gorilla/source/browse/http/parser/parser.go which was ported from urllib2.parse_http_list, from the Python standard library.

func ParsePairs Uses

func ParsePairs(value string) map[string]string

ParsePairs extracts key/value pairs from a comma-separated list of values as described by RFC 2068 and returns a map[key]value. The resulting values are unquoted. If a list element doesn't contain a "=", the key is the element itself and the value is an empty string.

Lifted from https://code.google.com/p/gorilla/source/browse/http/parser/parser.go

func RandomKey Uses

func RandomKey() string

RandomKey returns a random 16-byte base64 alphabet string

type AuthenticatedHandlerFunc Uses

type AuthenticatedHandlerFunc func(http.ResponseWriter, *AuthenticatedRequest)

AuthenticatedHandlerFunc is like http.HandlerFunc, but takes AuthenticatedRequest instead of http.Request

type AuthenticatedRequest Uses

type AuthenticatedRequest struct {
    http.Request
    // Username is the authenticated user name. Current API implies that
    // Username is never empty, which means that authentication is
    // always done before calling the request handler.
    Username string
}

AuthenticatedRequest is passed to AuthenticatedHandlerFunc instead of *http.Request.

type Authenticator Uses

type Authenticator func(AuthenticatedHandlerFunc) http.HandlerFunc

Authenticator wraps an AuthenticatedHandlerFunc with authentication-checking code.

Typical Authenticator usage is something like:

authenticator := SomeAuthenticator(...)
http.HandleFunc("/", authenticator(my_handler))

Authenticator wrapper checks the user authentication and calls the wrapped function only after authentication has succeeded. Otherwise, it returns a handler which initiates the authentication procedure.

type AuthenticatorInterface Uses

type AuthenticatorInterface interface {
    // NewContext returns a new context carrying authentication
    // information extracted from the request.
    NewContext(ctx context.Context, r *http.Request) context.Context

    // Wrap returns an http.HandlerFunc which wraps
    // AuthenticatedHandlerFunc with this authenticator's
    // authentication checks.
    Wrap(AuthenticatedHandlerFunc) http.HandlerFunc
}

AuthenticatorInterface is the interface implemented by BasicAuth and DigestAuth authenticators.

Deprecated: this interface is not coherent. New code should define and use your own interfaces with a required subset of authenticator methods.

type BasicAuth Uses

type BasicAuth struct {
    Realm   string
    Secrets SecretProvider
    // Headers used by authenticator. Set to ProxyHeaders to use with
    // proxy server. When nil, NormalHeaders are used.
    Headers *Headers
}

BasicAuth is an authenticator implementation for 'Basic' HTTP Authentication scheme (RFC 7617).

func NewBasicAuthenticator Uses

func NewBasicAuthenticator(realm string, secrets SecretProvider) *BasicAuth

NewBasicAuthenticator returns a BasicAuth initialized with provided realm and secrets.

Deprecated: new code should construct BasicAuth values directly.

func (*BasicAuth) CheckAuth Uses

func (a *BasicAuth) CheckAuth(r *http.Request) string

CheckAuth checks the username/password combination from the request. Returns either an empty string (authentication failed) or the name of the authenticated user.

func (*BasicAuth) NewContext Uses

func (a *BasicAuth) NewContext(ctx context.Context, r *http.Request) context.Context

NewContext returns a context carrying authentication information for the request.

func (*BasicAuth) RequireAuth Uses

func (a *BasicAuth) RequireAuth(w http.ResponseWriter, r *http.Request)

RequireAuth is an http.HandlerFunc for BasicAuth which initiates the authentication process (or requires reauthentication).

func (*BasicAuth) Wrap Uses

func (a *BasicAuth) Wrap(wrapped AuthenticatedHandlerFunc) http.HandlerFunc

Wrap returns an http.HandlerFunc, which wraps AuthenticatedHandlerFunc with this BasicAuth authenticator's authentication checks. Once the request contains valid credentials, it calls wrapped AuthenticatedHandlerFunc.

Deprecated: new code should use NewContext instead.

type DigestAuth Uses

type DigestAuth struct {
    Realm            string
    Opaque           string
    Secrets          SecretProvider
    PlainTextSecrets bool
    IgnoreNonceCount bool
    // Headers used by authenticator. Set to ProxyHeaders to use with
    // proxy server. When nil, NormalHeaders are used.
    Headers *Headers

    /*
       Approximate size of Client's Cache. When actual number of
       tracked client nonces exceeds
       ClientCacheSize+ClientCacheTolerance, ClientCacheTolerance*2
       older entries are purged.
    */
    ClientCacheSize      int
    ClientCacheTolerance int
    // contains filtered or unexported fields
}

DigestAuth is an authenticator implementation for 'Digest' HTTP Authentication scheme (RFC 7616).

Note: this implementation was written following now deprecated RFC 2617, and supports only MD5 algorithm.

TODO: Add support for SHA-256 and SHA-512/256 algorithms.

func NewDigestAuthenticator Uses

func NewDigestAuthenticator(realm string, secrets SecretProvider) *DigestAuth

NewDigestAuthenticator generates a new DigestAuth object

func (*DigestAuth) CheckAuth Uses

func (da *DigestAuth) CheckAuth(r *http.Request) (username string, authinfo *string)

CheckAuth checks whether the request contains valid authentication data. Returns a pair of username, authinfo, where username is the name of the authenticated user or an empty string and authinfo is the contents for the optional Authentication-Info response header.

func (*DigestAuth) JustCheck Uses

func (da *DigestAuth) JustCheck(wrapped http.HandlerFunc) http.HandlerFunc

JustCheck returns a new http.HandlerFunc, which requires DigestAuth to successfully authenticate a user before calling wrapped http.HandlerFunc.

Authenticated Username is passed as an extra X-Authenticated-Username header to the wrapped HandlerFunc.

func (*DigestAuth) NewContext Uses

func (da *DigestAuth) NewContext(ctx context.Context, r *http.Request) context.Context

NewContext returns a context carrying authentication information for the request.

func (*DigestAuth) Purge Uses

func (da *DigestAuth) Purge(count int)

Purge removes count oldest entries from DigestAuth.clients

func (*DigestAuth) RequireAuth Uses

func (da *DigestAuth) RequireAuth(w http.ResponseWriter, r *http.Request)

RequireAuth is an http.HandlerFunc which initiates the authentication process (or requires reauthentication).

func (*DigestAuth) Wrap Uses

func (da *DigestAuth) Wrap(wrapped AuthenticatedHandlerFunc) http.HandlerFunc

Wrap returns an http.HandlerFunc wraps AuthenticatedHandlerFunc with this DigestAuth authentication checks. Once the request contains valid credentials, it calls wrapped AuthenticatedHandlerFunc.

Deprecated: new code should use NewContext instead.

type File Uses

type File struct {
    Path string
    Info os.FileInfo
    /* must be set in inherited types during initialization */
    Reload func()
    // contains filtered or unexported fields
}

File handles automatic file reloading on changes.

func (*File) ReloadIfNeeded Uses

func (f *File) ReloadIfNeeded()

ReloadIfNeeded checks file Stat and calls Reload() if any changes were detected. File mutex is Locked for the duration of Reload() call.

This function will panic() if Stat fails.

type Headers Uses

type Headers struct {
    Authenticate      string // WWW-Authenticate
    Authorization     string // Authorization
    AuthInfo          string // Authentication-Info
    UnauthCode        int    // 401
    UnauthContentType string // text/plain
    UnauthResponse    string // Unauthorized.
}

Headers contains header and error codes used by authenticator.

func (*Headers) V Uses

func (h *Headers) V() *Headers

V returns NormalHeaders when h is nil, or h otherwise. Allows to use uninitialized *Headers values in structs.

type HtdigestFile Uses

type HtdigestFile struct {
    // File is used for automatic reloading of the authentication data.
    File
    // Users is a map of realms to users to HA1 digests.
    Users map[string]map[string]string
    // contains filtered or unexported fields
}

HtdigestFile is a File holding htdigest authentication data.

type HtpasswdFile Uses

type HtpasswdFile struct {
    // File is used for automatic reloading of the authentication data.
    File
    // Users is a map of users to their secrets (salted encrypted
    // passwords).
    Users map[string]string
    // contains filtered or unexported fields
}

HtpasswdFile is a File holding basic authentication data.

type Info Uses

type Info struct {
    // Authenticated is set to true when request was authenticated
    // successfully, i.e. username and password passed in request did
    // pass the check.
    Authenticated bool

    // Username contains a user name passed in the request when
    // Authenticated is true. It's value is undefined if Authenticated
    // is false.
    Username string

    // ResponseHeaders contains extra headers that must be set by server
    // when sending back HTTP response.
    ResponseHeaders http.Header
}

Info contains authentication information for the request.

func FromContext Uses

func FromContext(ctx context.Context) *Info

FromContext returns authentication information from the context or nil if no such information present.

func (*Info) UpdateHeaders Uses

func (i *Info) UpdateHeaders(headers http.Header)

UpdateHeaders updates headers with this Info's ResponseHeaders. It is safe to call this function on nil Info.

type SecretProvider Uses

type SecretProvider func(user, realm string) string

SecretProvider is used by authenticators. Takes user name and realm as an argument, returns secret required for authentication (HA1 for digest authentication, properly encrypted password for basic).

Returning an empty string means failing the authentication.

func HtdigestFileProvider Uses

func HtdigestFileProvider(filename string) SecretProvider

HtdigestFileProvider is a SecretProvider implementation based on htdigest-formated files. It will automatically reload htdigest file on changes. It panics on syntax errors in htdigest files.

func HtpasswdFileProvider Uses

func HtpasswdFileProvider(filename string) SecretProvider

HtpasswdFileProvider is a SecretProvider implementation based on htpasswd-formated files. It will automatically reload htpasswd file on changes. It panics on syntax errors in htpasswd files. Realm argument of the SecretProvider is ignored.

Package auth imports 19 packages (graph) and is imported by 325 packages. Updated 2019-03-24. Refresh now. Tools for package owners.