v8.4.3

分支 (11)

标签 (56)

管理

管理

master

v12

v11-without-mod-test

v11

v11.2.0

v10

v8

5.0.0

withtray-v7

v6

4.0.0

v12.1.8

v12.1.7

v12.1.6

v12.1.5

v12.1.4

v12.1.3

v12.1.2

v12.1.1

v12.1.0

v12.0.0

v12.0.1

v11.2.8

v11.2.7

v11.2.6

v11.2.5

v11.2.4

v11.2.3

v11.2.2

v11.2.1

v11.2.0

iris
/
middleware
/
basicauth
/
basicauth.go

// Package basicauth provides http basic authentication via middleware. See _examples/authentication/basicauth
package basicauth

// test file: ../../_examples/authentication/basicauth/main_test.go

import (
	"encoding/base64"
	"strconv"
	"time"

	"github.com/kataras/iris"
	"github.com/kataras/iris/context"
)

type (
	encodedUser struct {
		HeaderValue string
		Username    string
		logged      bool
		expires     time.Time
	}
	encodedUsers []encodedUser

	basicAuthMiddleware struct {
		config Config
		// these are filled from the config.Users map at the startup
		auth             encodedUsers
		realmHeaderValue string
		expireEnabled    bool // if the config.Expires is a valid date, default disabled
	}
)

//

// New accepts basicauth.Config and returns a new Handler
// which will ask the client for basic auth (username, password),
// validate that and if valid continues to the next handler, otherwise
// throws a StatusUnauthorized http error code.
func New(c Config) context.Handler {
	config := DefaultConfig()
	if c.Realm != "" {
		config.Realm = c.Realm
	}
	config.Users = c.Users

	b := &basicAuthMiddleware{config: config}
	b.init()
	return b.Serve
}

// Default accepts only the users and returns a new Handler
// which will ask the client for basic auth (username, password),
// validate that and if valid continues to the next handler, otherwise
// throws a StatusUnauthorized http error code.
func Default(users map[string]string) context.Handler {
	c := DefaultConfig()
	c.Users = users
	return New(c)
}

func (b *basicAuthMiddleware) init() {
	// pass the encoded users from the user's config's Users value
	b.auth = make(encodedUsers, 0, len(b.config.Users))

	for k, v := range b.config.Users {
		fullUser := k + ":" + v
		header := "Basic " + base64.StdEncoding.EncodeToString([]byte(fullUser))
		b.auth = append(b.auth, encodedUser{HeaderValue: header, Username: k, logged: false, expires: DefaultExpireTime})
	}

	// set the auth realm header's value
	b.realmHeaderValue = "Basic realm=" + strconv.Quote(b.config.Realm)

	if b.config.Expires > 0 {
		b.expireEnabled = true
	}
}

func (b *basicAuthMiddleware) findAuth(headerValue string) (auth *encodedUser, found bool) {
	if len(headerValue) == 0 {
		return
	}

	for _, user := range b.auth {
		if user.HeaderValue == headerValue {
			auth = &user
			found = true
			break
		}
	}

	return
}

func (b *basicAuthMiddleware) askForCredentials(ctx context.Context) {
	ctx.Header("WWW-Authenticate", b.realmHeaderValue)
	ctx.StatusCode(iris.StatusUnauthorized)
}

// Serve the actual middleware
func (b *basicAuthMiddleware) Serve(ctx context.Context) {

	auth, found := b.findAuth(ctx.GetHeader("Authorization"))
	if !found {
		b.askForCredentials(ctx)
		return
		// don't continue to the next handler
	}
	// all ok
	if b.expireEnabled {
		if auth.logged == false {
			auth.expires = time.Now().Add(b.config.Expires)
			auth.logged = true
		}

		if time.Now().After(auth.expires) {
			b.askForCredentials(ctx) // ask for authentication again
			return
		}
	}
	ctx.Next() // continue
}