README
¶
auth
Macaron middleware/handler for http basic authentication. Modified from https://github.com/martini-contrib/auth
Simple Usage
Use auth.Basic to authenticate against a pre-defined username and password:
import (
"gopkg.in/macaron.v1"
"github.com/go-macaron/auth"
)
func main() {
m := macaron.Classic()
// authenticate every request
m.Use(auth.Basic("username", "secretpassword"))
m.Run()
}
Advanced Usage
Using auth.BasicFunc lets you authenticate on a per-user level, by checking
the username and password in the callback function:
import (
"gopkg.in/macaron.v1"
"github.com/go-macaron/auth"
)
func main() {
m := macaron.Classic()
// authenticate every request
m.Use(auth.BasicFunc(func(username, password string) bool {
return username == "admin" && password == "guessme"
}))
m.Run()
}
Note that checking usernames and passwords with string comparison might be
susceptible to timing attacks. To avoid that, use auth.SecureCompare instead:
m.Use(auth.BasicFunc(func(username, password string) bool {
return auth.SecureCompare(username, "admin") && auth.SecureCompare(password, "guessme")
}))
}
Upon successful authentication, the username is available to all subsequent
handlers via the auth.User type:
m.Get("/", func(user auth.User) string {
return "Welcome, " + string(user)
})
}
Authors
Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
var BasicRealm = "Authorization Required"
BasicRealm is used when setting the WWW-Authenticate response header.
Functions ¶
func Basic ¶
Basic returns a Handler that authenticates via Basic Auth. Writes a http.StatusUnauthorized if authentication fails.
func BasicFunc ¶
BasicFunc returns a Handler that authenticates via Basic Auth using the provided function. The function should return true for a valid username/password combination.
func SecureCompare ¶
SecureCompare performs a constant time compare of two strings to limit timing attacks.
Source Files
Directories