authenticated.go
package gokrazy
import (
"crypto/subtle"
"encoding/base64"
"fmt"
"net/http"
"strings"
)
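// authenticated is an HTTP handler that enforces HTTP Basic authentication
// for the fixed user "gokrazy" with the package-level httpPassword. Requests
// that pass the check are forwarded to http.DefaultServeMux. All others get
// a 401 with a WWW-Authenticate challenge, or a 500 if no password is
// configured.
//
// NOTE(review): Basic credentials are only base64-encoded, so their
// confidentiality depends on the transport. Whether this handler is served
// over TLS is not visible here — confirm at the listener.
func authenticated(w http.ResponseWriter, r *http.Request) {
	// Defense in depth: fail closed while no password is configured.
	// Without this guard an empty httpPassword would compare equal to an
	// empty submitted password, so "gokrazy:" would authenticate.
	if httpPassword == "" {
		http.Error(w, "httpPassword not set", http.StatusInternalServerError)
		return
	}

	kind, encoded, found := strings.Cut(r.Header.Get("Authorization"), " ")
	// The scheme name is case-insensitive (RFC 7235, section 2.1), so accept
	// "basic"/"BASIC" as well instead of rejecting conforming clients.
	if !found || !strings.EqualFold(kind, "Basic") {
		w.Header().Set("WWW-Authenticate", `Basic realm="gokrazy"`)
		http.Error(w, "no Basic Authorization header set", http.StatusUnauthorized)
		return
	}

	b, err := base64.StdEncoding.DecodeString(encoded)
	if err != nil {
		w.Header().Set("WWW-Authenticate", `Basic realm="gokrazy"`)
		http.Error(w, fmt.Sprintf("could not decode Authorization header as base64: %v", err), http.StatusUnauthorized)
		return
	}

	// Split at the first ':' only, so the password itself may contain colons.
	username, password, found := strings.Cut(string(b), ":")

	// The password is compared in constant time so the response time does not
	// reveal how many leading bytes matched. subtle.ConstantTimeCompare
	// returns immediately when the lengths differ, so the length of
	// httpPassword is not protected by this check. The username is a fixed,
	// public value and is compared normally.
	if !found ||
		username != "gokrazy" ||
		subtle.ConstantTimeCompare([]byte(password), []byte(httpPassword)) != 1 {
		// One generic message for every credential failure: the client is
		// not told which part was wrong.
		w.Header().Set("WWW-Authenticate", `Basic realm="gokrazy"`)
		http.Error(w, "invalid username/password", http.StatusUnauthorized)
		return
	}

	http.DefaultServeMux.ServeHTTP(w, r)
}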