Basic HTTP authentication

Implemented basic login using standard WWW-Authenticate method
2024-09-19 17:21:10 +01:00 · 2017-07-15 08:06:37 -07:00 · 2017-07-15 08:06:37 -07:00 · e61bcb91c4
parent a959d7c23c
commit e61bcb91c4
4 changed files with 47 additions and 1 deletions
--- a/admin.go
+++ b/admin.go
@ -0,0 +1,10 @@
+package main
+
+import (
+	"io/ioutil"
+	"fmt"
+)
+
+func CreateEpisode() {
+	
+}
--- a/assets/admin.html
+++ b/assets/admin.html
@ -0,0 +1 @@
+admin.html
--- a/assets/index.html
+++ b/assets/index.html
@ -13,7 +13,7 @@
    
 </div>
 <footer>
-    <p>White Rabbit licensed under the GPLv3</p>
+    <p>White Rabbit licensed under the GPLv3 | <a href="/rss">RSS</a> <a href="/json">JSON</a></p>
 </footer>
 <script>
 get("/json", function(data){
--- a/webserver.go
+++ b/webserver.go
@ -5,6 +5,7 @@ import (
 	"io/ioutil"
 	"log"
 	"net/http"
+	"crypto/subtle"

 	"github.com/gorilla/mux"
 )
@ -42,6 +43,39 @@ func HomeHandler(w http.ResponseWriter, r *http.Request) {
 	}
 }

+
+/*
+ * Code from stackoverflow by user Timmmm
+ * https://stackoverflow.com/questions/21936332/idiomatic-way-of-requiring-http-basic-auth-in-go/39591234#39591234
+*/
+func BasicAuth(handler http.HandlerFunc, username, password, realm string) http.HandlerFunc {
+
+    return func(w http.ResponseWriter, r *http.Request) {
+
+        user, pass, ok := r.BasicAuth()
+
+        if !ok || subtle.ConstantTimeCompare([]byte(user), []byte(username)) != 1 || subtle.ConstantTimeCompare([]byte(pass), []byte(password)) != 1 {
+            w.Header().Set("WWW-Authenticate", `Basic realm="White Rabbit"`)
+            w.WriteHeader(401)
+            w.Write([]byte("Unauthorised.\n"))
+            return
+        }
+
+        handler(w, r)
+    }
+}
+
+func AdminHandler(w http.ResponseWriter, r *http.Request) {
+	data, err := ioutil.ReadFile("assets/admin.html")
+
+	if err == nil {
+		w.Write(data)
+	} else {
+		w.WriteHeader(404)
+		w.Write([]byte("404 Something went wrong - " + http.StatusText(404)))
+	}
+}
+
 func main() {
 	go watch()
 	r := mux.NewRouter()
@ -51,5 +85,6 @@ func main() {
 	r.HandleFunc("/rss", RssHandler)
 	r.HandleFunc("/json", JsonHandler)
 	http.Handle("/", r)
+	r.HandleFunc("/admin", BasicAuth(AdminHandler, "g", "password", "Login to White Rabbit admin interface"))
 	log.Fatal(http.ListenAndServe(":8000", r))
 }