caddy: Index | Files

package basicauth

import ""

Package basicauth implements HTTP Basic Authentication for Caddy.

This is useful for simple protections on a website, like requiring a password to access an admin interface. This package assumes a fairly small threat model.


Package Files

basicauth.go setup.go

type BasicAuth Uses

type BasicAuth struct {
    Next     httpserver.Handler
    SiteRoot string
    Rules    []Rule

BasicAuth is middleware to protect resources with a username and password. Note that HTTP Basic Authentication is not secure by itself and should not be used to protect important assets without HTTPS. Even then, the security of HTTP Basic Auth is disputed. Use discretion when deciding what to protect with BasicAuth.

func (BasicAuth) ServeHTTP Uses

func (a BasicAuth) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, error)

ServeHTTP implements the httpserver.Handler interface.

type PasswordMatcher Uses

type PasswordMatcher func(pw string) bool

PasswordMatcher determines whether a password matches a rule.

func GetHtpasswdMatcher Uses

func GetHtpasswdMatcher(filename, username, siteRoot string) (PasswordMatcher, error)

GetHtpasswdMatcher matches password rules.

func PlainMatcher Uses

func PlainMatcher(passw string) PasswordMatcher

PlainMatcher returns a PasswordMatcher that does a constant-time byte comparison against the password passw.

type Rule Uses

type Rule struct {
    Username  string
    Password  func(string) bool
    Resources []string
    Realm     string // See RFC 1945 and RFC 2617, default: "Restricted"

Rule represents a BasicAuth rule. A username and password combination protect the associated resources, which are file or directory paths.

Package basicauth imports 15 packages (graph) and is imported by 108 packages. Updated 2019-07-24. Refresh now. Tools for package owners.