diff options
Diffstat (limited to 'srv/src/http/auth.go')
-rw-r--r-- | srv/src/http/auth.go | 94 |
1 files changed, 0 insertions, 94 deletions
diff --git a/srv/src/http/auth.go b/srv/src/http/auth.go deleted file mode 100644 index 3ad026a..0000000 --- a/srv/src/http/auth.go +++ /dev/null @@ -1,94 +0,0 @@ -package http - -import ( - "context" - "net/http" - "time" - - "github.com/mediocregopher/blog.mediocregopher.com/srv/http/apiutil" - "golang.org/x/crypto/bcrypt" -) - -// NewPasswordHash returns the hash of the given plaintext password, for use -// with Auther. -func NewPasswordHash(plaintext string) string { - hashedPassword, err := bcrypt.GenerateFromPassword([]byte(plaintext), 13) - if err != nil { - panic(err) - } - return string(hashedPassword) -} - -// Auther determines who can do what. -type Auther interface { - Allowed(ctx context.Context, username, password string) bool - Close() error -} - -type auther struct { - users map[string]string - ticker *time.Ticker -} - -// NewAuther initializes and returns an Auther will which allow the given -// username and password hash combinations. Password hashes must have been -// created using NewPasswordHash. -func NewAuther(users map[string]string, ratelimit time.Duration) Auther { - return &auther{ - users: users, - ticker: time.NewTicker(ratelimit), - } -} - -func (a *auther) Close() error { - a.ticker.Stop() - return nil -} - -func (a *auther) Allowed(ctx context.Context, username, password string) bool { - - select { - case <-ctx.Done(): - return false - case <-a.ticker.C: - } - - hashedPassword, ok := a.users[username] - if !ok { - return false - } - - err := bcrypt.CompareHashAndPassword( - []byte(hashedPassword), []byte(password), - ) - - return err == nil -} - -func authMiddleware(auther Auther) middleware { - - respondUnauthorized := func(rw http.ResponseWriter, r *http.Request) { - rw.Header().Set("WWW-Authenticate", `Basic realm="NOPE"`) - rw.WriteHeader(http.StatusUnauthorized) - apiutil.GetRequestLogger(r).WarnString(r.Context(), "unauthorized") - } - - return func(h http.Handler) http.Handler { - return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) { - - username, password, ok := r.BasicAuth() - - if !ok { - respondUnauthorized(rw, r) - return - } - - if !auther.Allowed(r.Context(), username, password) { - respondUnauthorized(rw, r) - return - } - - h.ServeHTTP(rw, r) - }) - } -} |