Home Explore Help
Register Sign In
publics
/
gin-gonic__gin
0
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 735748b359
Branches Tags
gin-gonic__gin
/
auth.go

auth.go 2.9 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394 
  1. // Copyright 2014 Manu Martinez-Almeida.  All rights reserved.
    2. 

  2. // Use of this source code is governed by a MIT style
    3. 

  3. // license that can be found in the LICENSE file.
    4. 

  4. 

  5. package gin
    6. 

  6. 

  7. import (
    8. 

  8. 	"crypto/subtle"
    9. 

  9. 	"encoding/base64"
    10. 

  10. 	"strconv"
    11. 

  11. )
    12. 

  12. 

  13. // AuthUserKey is the cookie name for user credential in basic auth
    14. 

  14. const AuthUserKey = "user"
    15. 

  15. 

  16. type (
    17. 

  17. 	// Accounts defines a key/value for user/pass list of authorized logins
    18. 

  18. 	Accounts map[string]string
    19. 

  19. 	authPair struct {
    20. 

  20. 		Value string
    21. 

  21. 		User  string
    22. 

  22. 	}
    23. 

  23. 	authPairs []authPair
    24. 

  24. )
    25. 

  25. 

  26. func (a authPairs) searchCredential(authValue string) (string, bool) {
    27. 

  27. 	if len(authValue) == 0 {
    28. 

  28. 		return "", false
    29. 

  29. 	}
    30. 

  30. 	for _, pair := range a {
    31. 

  31. 		if pair.Value == authValue {
    32. 

  32. 			return pair.User, true
    33. 

  33. 		}
    34. 

  34. 	}
    35. 

  35. 	return "", false
    36. 

  36. }
    37. 

  37. 

  38. // BasicAuthForRealm returns a Basic HTTP Authorization middleware. It takes as arguments a map[string]string where
    39. 

  39. // the key is the user name and the value is the password, as well as the name of the Realm.
    40. 

  40. // If the realm is empty, "Authorization Required" will be used by default.
    41. 

  41. // (see http://tools.ietf.org/html/rfc2617#section-1.2)
    42. 

  42. func BasicAuthForRealm(accounts Accounts, realm string) HandlerFunc {
    43. 

  43. 	if realm == "" {
    44. 

  44. 		realm = "Authorization Required"
    45. 

  45. 	}
    46. 

  46. 	realm = "Basic realm=" + strconv.Quote(realm)
    47. 

  47. 	pairs := processAccounts(accounts)
    48. 

  48. 	return func(c *Context) {
    49. 

  49. 		// Search user in the slice of allowed credentials
    50. 

  50. 		user, found := pairs.searchCredential(c.Request.Header.Get("Authorization"))
    51. 

  51. 		if !found {
    52. 

  52. 			// Credentials doesn't match, we return 401 and abort handlers chain.
    53. 

  53. 			c.Header("WWW-Authenticate", realm)
    54. 

  54. 			c.AbortWithStatus(401)
    55. 

  55. 		} else {
    56. 

  56. 			// The user credentials was found, set user's id to key AuthUserKey in this context, the userId can be read later using
    57. 

  57. 			// c.MustGet(gin.AuthUserKey)
    58. 

  58. 			c.Set(AuthUserKey, user)
    59. 

  59. 		}
    60. 

  60. 	}
    61. 

  61. }
    62. 

  62. 

  63. // BasicAuth returns a Basic HTTP Authorization middleware. It takes as argument a map[string]string where
    64. 

  64. // the key is the user name and the value is the password.
    65. 

  65. func BasicAuth(accounts Accounts) HandlerFunc {
    66. 

  66. 	return BasicAuthForRealm(accounts, "")
    67. 

  67. }
    68. 

  68. 

  69. func processAccounts(accounts Accounts) authPairs {
    70. 

  70. 	assert1(len(accounts) > 0, "Empty list of authorized credentials")
    71. 

  71. 	pairs := make(authPairs, 0, len(accounts))
    72. 

  72. 	for user, password := range accounts {
    73. 

  73. 		assert1(len(user) > 0, "User can not be empty")
    74. 

  74. 		value := authorizationHeader(user, password)
    75. 

  75. 		pairs = append(pairs, authPair{
    76. 

  76. 			Value: value,
    77. 

  77. 			User:  user,
    78. 

  78. 		})
    79. 

  79. 	}
    80. 

  80. 	return pairs
    81. 

  81. }
    82. 

  82. 

  83. func authorizationHeader(user, password string) string {
    84. 

  84. 	base := user + ":" + password
    85. 

  85. 	return "Basic " + base64.StdEncoding.EncodeToString([]byte(base))
    86. 

  86. }
    87. 

  87. 

  88. func secureCompare(given, actual string) bool {
    89. 

  89. 	if subtle.ConstantTimeEq(int32(len(given)), int32(len(actual))) == 1 {
    90. 

  90. 		return subtle.ConstantTimeCompare([]byte(given), []byte(actual)) == 1
    91. 

  91. 	}
    92. 

  92. 	/* Securely compare actual to itself to keep constant time, but always return false */
    93. 

  93. 	return subtle.ConstantTimeCompare([]byte(actual), []byte(actual)) == 1 && false
    94. 

  94. }
    95.