Home Explore Help
Register Sign In
publics
/
gin-gonic__gin
0
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: e8bc8f48e9
Branches Tags
gin-gonic__gin
/
auth.go

auth.go 2.8 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596 
  1. // Copyright 2014 Manu Martinez-Almeida.  All rights reserved.
    2. 

  2. // Use of this source code is governed by a MIT style
    3. 

  3. // license that can be found in the LICENSE file.
    4. 

  4. 

  5. package gin
    6. 

  6. 

  7. import (
    8. 

  8. 	"crypto/subtle"
    9. 

  9. 	"encoding/base64"
    10. 

  10. 	"strconv"
    11. 

  11. )
    12. 

  12. 

  13. const AuthUserKey = "user"
    14. 

  14. 

  15. type (
    16. 

  16. 	Accounts map[string]string
    17. 

  17. 	authPair struct {
    18. 

  18. 		Value string
    19. 

  19. 		User  string
    20. 

  20. 	}
    21. 

  21. 	authPairs []authPair
    22. 

  22. )
    23. 

  23. 

  24. func (a authPairs) searchCredential(authValue string) (string, bool) {
    25. 

  25. 	if len(authValue) == 0 {
    26. 

  26. 		return "", false
    27. 

  27. 	}
    28. 

  28. 	for _, pair := range a {
    29. 

  29. 		if pair.Value == authValue {
    30. 

  30. 			return pair.User, true
    31. 

  31. 		}
    32. 

  32. 	}
    33. 

  33. 	return "", false
    34. 

  34. }
    35. 

  35. 

  36. // BasicAuthForRealm returns a Basic HTTP Authorization middleware. It takes as arguments a map[string]string where
    37. 

  37. // the key is the user name and the value is the password, as well as the name of the Realm.
    38. 

  38. // If the realm is empty, "Authorization Required" will be used by default.
    39. 

  39. // (see http://tools.ietf.org/html/rfc2617#section-1.2)
    40. 

  40. func BasicAuthForRealm(accounts Accounts, realm string) HandlerFunc {
    41. 

  41. 	if realm == "" {
    42. 

  42. 		realm = "Authorization Required"
    43. 

  43. 	}
    44. 

  44. 	realm = "Basic realm=" + strconv.Quote(realm)
    45. 

  45. 	pairs := processAccounts(accounts)
    46. 

  46. 	return func(c *Context) {
    47. 

  47. 		// Search user in the slice of allowed credentials
    48. 

  48. 		user, found := pairs.searchCredential(c.Request.Header.Get("Authorization"))
    49. 

  49. 		if !found {
    50. 

  50. 			// Credentials doesn't match, we return 401 and abort handlers chain.
    51. 

  51. 			c.Header("WWW-Authenticate", realm)
    52. 

  52. 			c.AbortWithStatus(401)
    53. 

  53. 		} else {
    54. 

  54. 			// The user credentials was found, set user's id to key AuthUserKey in this context, the userId can be read later using
    55. 

  55. 			// c.MustGet(gin.AuthUserKey)
    56. 

  56. 			c.Set(AuthUserKey, user)
    57. 

  57. 		}
    58. 

  58. 	}
    59. 

  59. }
    60. 

  60. 

  61. // BasicAuth returns a Basic HTTP Authorization middleware. It takes as argument a map[string]string where
    62. 

  62. // the key is the user name and the value is the password.
    63. 

  63. func BasicAuth(accounts Accounts) HandlerFunc {
    64. 

  64. 	return BasicAuthForRealm(accounts, "")
    65. 

  65. }
    66. 

  66. 

  67. func processAccounts(accounts Accounts) authPairs {
    68. 

  68. 	if len(accounts) == 0 {
    69. 

  69. 		panic("Empty list of authorized credentials")
    70. 

  70. 	}
    71. 

  71. 	pairs := make(authPairs, 0, len(accounts))
    72. 

  72. 	for user, password := range accounts {
    73. 

  73. 		if len(user) == 0 {
    74. 

  74. 			panic("User can not be empty")
    75. 

  75. 		}
    76. 

  76. 		value := authorizationHeader(user, password)
    77. 

  77. 		pairs = append(pairs, authPair{
    78. 

  78. 			Value: value,
    79. 

  79. 			User:  user,
    80. 

  80. 		})
    81. 

  81. 	}
    82. 

  82. 	return pairs
    83. 

  83. }
    84. 

  84. 

  85. func authorizationHeader(user, password string) string {
    86. 

  86. 	base := user + ":" + password
    87. 

  87. 	return "Basic " + base64.StdEncoding.EncodeToString([]byte(base))
    88. 

  88. }
    89. 

  89. 

  90. func secureCompare(given, actual string) bool {
    91. 

  91. 	if subtle.ConstantTimeEq(int32(len(given)), int32(len(actual))) == 1 {
    92. 

  92. 		return subtle.ConstantTimeCompare([]byte(given), []byte(actual)) == 1
    93. 

  93. 	}
    94. 

  94. 	/* Securely compare actual to itself to keep constant time, but always return false */
    95. 

  95. 	return subtle.ConstantTimeCompare([]byte(actual), []byte(actual)) == 1 && false
    96. 

  96. }
    97.