Diffstat (limited to 'middlewares/BasicAuthMiddleware.php')
-rw-r--r-- | middlewares/BasicAuthMiddleware.php | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/middlewares/BasicAuthMiddleware.php b/middlewares/BasicAuthMiddleware.php
new file mode 100644
index 00000000..6b0803e2
--- /dev/null
+++ b/middlewares/BasicAuthMiddleware.php
@@ -0,0 +1,38 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * HTTP Basic auth check
+ */
+class BasicAuthMiddleware implements Middleware
+{
+ public function __invoke(Request $request, $next): Response
+ {
+ if (!Configuration::getConfig('authentication', 'enable')) {
+ return $next($request);
+ }
+
+ if (Configuration::getConfig('authentication', 'password') === '') {
+ return new Response('The authentication password cannot be the empty string', 500);
+ }
+ $user = $request->server('PHP_AUTH_USER');
+ $password = $request->server('PHP_AUTH_PW');
+ if ($user === null || $password === null) {
+ $html = render(__DIR__ . '/../templates/error.html.php', [
+ 'message' => 'Please authenticate in order to access this instance!',
+ ]);
+ return new Response($html, 401, ['WWW-Authenticate' => 'Basic realm="RSS-Bridge"']);
+ }
+ if (
+ (Configuration::getConfig('authentication', 'username') !== $user)
+ || (!hash_equals(Configuration::getConfig('authentication', 'password'), $password))
+ ) {
+ $html = render(__DIR__ . '/../templates/error.html.php', [
+ 'message' => 'Please authenticate in order to access this instance!',
+ ]);
+ return new Response($html, 401, ['WWW-Authenticate' => 'Basic realm="RSS-Bridge"']);
+ }
+ return $next($request);
+ }
+}
 |
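Review bot: In the final credential check of `__invoke`, the username is compared with `!==` and the `||` short-circuits, so `hash_equals` on the password only runs once the username has already matched; the constant-time comparison covers only half of the credential. Compute both results before branching, `$userOk = hash_equals((string) Configuration::getConfig('authentication', 'username'), $user);` and `$passOk = hash_equals((string) Configuration::getConfig('authentication', 'password'), $password);`, then reject on `!$userOk || !$passOk`. The `(string)` casts are a hedge, since `Configuration` is not visible here: if it can return a non-string for an unset or numeric value, `hash_equals` throws a `TypeError` under `strict_types` instead of producing the 401, and the `=== ''` guard above would not catch that case. The two identical 401 branches could then be merged into one. Nothing in this hunk records a failed attempt, so repeated password guessing leaves no application-level trace to alert on.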