github.com/goji/httpauth
httpauth currently provides HTTP Basic Authentication middleware for Go. It is compatible with Go's own net/http, goji, Gin & anything that speaks the http.Handler interface.
httpauth provides a SimpleBasicAuth function to get you up and running. Particularly ideal for development servers.
Note that HTTP Basic Authentication credentials are sent over the wire "in the clear" (read: plaintext!) and therefore should not be considered a robust way to secure a HTTP server. If you're after that, you'll need to use SSL/TLS ("HTTPS") at a minimum.
$ go get github.com/goji/httpauth
The fastest and simplest way to get started using httpauth is to use the
SimpleBasicAuth function.
package main
import(
"net/http"
"goji.io"
)
func main() {
mux := goji.NewMux()
mux.Use(httpauth.SimpleBasicAuth("dave", "somepassword"))
mux.Use(SomeOtherMiddleware)
// YourHandler now requires HTTP Basic Auth
mux.Handle(pat.Get("/some-route"), YourHandler))
log.Fatal(http.ListenAndServe("localhost:8000", mux))
}
For more control over the process, pass a AuthOptions struct to BasicAuth instead. This allows you to:
http.Handler) so you can return a better looking 401 page.
func main() {
authOpts := httpauth.AuthOptions{
Realm: "DevCo",
User: "dave",
Password: "plaintext!",
UnauthorizedHandler: myUnauthorizedHandler,
}
mux := goji.NewMux()
mux.Use(BasicAuth(authOpts))
mux.Use(SomeOtherMiddleware)
mux.Handle(pat.Get("/some-route"), YourHandler))
log.Fatal(http.ListenAndServe("localhost:8000", mux))
}
httpauth will accept a custom authentication function.
Normally, you would not set AuthOptions.User nor AuthOptions.Password in this scenario.
You would instead validate the given credentials against an external system such as a database.
The contrived example below is for demonstration purposes only.
func main() {
authOpts := httpauth.AuthOptions{
Realm: "DevCo",
AuthFunc: myAuthFunc,
UnauthorizedHandler: myUnauthorizedHandler,
}
mux := goji.NewMux()
mux.Use(BasicAuth(authOpts))
mux.Use(SomeOtherMiddleware)
mux.Handle(pat.Get("/some-route"), YourHandler))
log.Fatal(http.ListenAndServe("localhost:8000", mux))
}
// myAuthFunc is not secure. It checks to see if the password is simply
// the username repeated three times.
func myAuthFunc(user, pass string, r *http.Request) bool {
return pass == strings.Repeat(user, 3)
}
Since it's all http.Handler, httpauth works with gorilla/mux (and most other routers) as well:
package main
import (
"net/http"
"github.com/goji/httpauth"
"github.com/gorilla/mux"
)
func main() {
r := mux.NewRouter()
r.HandleFunc("/", YourHandler)
http.Handle("/", httpauth.SimpleBasicAuth("dave", "somepassword")(r))
http.ListenAndServe(":7000", nil)
}
func YourHandler(w http.ResponseWriter, r *http.Request) {
w.Write([]byte("Gorilla!\n"))
}
If you're using vanilla net/http:
package main
import(
"net/http"
"github.com/goji/httpauth"
)
func main() {
http.Handle("/", httpauth.SimpleBasicAuth("dave", "somepassword")(http.HandlerFunc(YourHandler)))
http.ListenAndServe(":7000", nil)
}
Send a pull request! Note that features on the (informal) roadmap include HTTP Digest Auth.
MIT Licensed. See the LICENSE file for details.
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.