diff options
| author |  Frédéric Guillot <fred@miniflux.net>
| 2018-04-27 20:38:46 -0700 |
|---|---|---|
| committer | Frédéric Guillot <fred@miniflux.net>
| 2018-04-27 20:38:46 -0700 |
| commit | 6b360d08c1f6c8a6cd1b7608f7af734a3ceef8d7 (patch) | |
| tree | 48352d35fa9f3559df05accf4ce4fce1672a2830 /middleware/basic_auth.go | |
| parent | 322b265d7aec7731f7fa703c9a74ceb61ae73f3f (diff) | |
| download | v2-6b360d08c1f6c8a6cd1b7608f7af734a3ceef8d7.tar.gz v2-6b360d08c1f6c8a6cd1b7608f7af734a3ceef8d7.tar.zst v2-6b360d08c1f6c8a6cd1b7608f7af734a3ceef8d7.zip | |
Use Gorilla middleware (refactoring)
Diffstat (limited to 'middleware/basic_auth.go')
| -rw-r--r-- | middleware/basic_auth.go | 61 |
1 files changed, 61 insertions, 0 deletions
diff --git a/middleware/basic_auth.go b/middleware/basic_auth.go new file mode 100644 index 00000000..9d7a4b2d --- /dev/null +++ b/middleware/basic_auth.go @@ -0,0 +1,61 @@ +// Copyright 2018 Frédéric Guillot. All rights reserved. +// Use of this source code is governed by the Apache 2.0 +// license that can be found in the LICENSE file. + +package middleware + +import ( + "context" + "net/http" + + "github.com/miniflux/miniflux/logger" +) + +// BasicAuth handles HTTP basic authentication. +func (m *Middleware) BasicAuth(next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.Header().Set("WWW-Authenticate", `Basic realm="Restricted"`) + errorResponse := `{"error_message": "Not Authorized"}` + + username, password, authOK := r.BasicAuth() + if !authOK { + logger.Debug("[Middleware:BasicAuth] No authentication headers sent") + w.WriteHeader(http.StatusUnauthorized) + w.Write([]byte(errorResponse)) + return + } + + if err := m.store.CheckPassword(username, password); err != nil { + logger.Info("[Middleware:BasicAuth] Invalid username or password: %s", username) + w.WriteHeader(http.StatusUnauthorized) + w.Write([]byte(errorResponse)) + return + } + + user, err := m.store.UserByUsername(username) + if err != nil { + logger.Error("[Middleware:BasicAuth] %v", err) + w.WriteHeader(http.StatusInternalServerError) + w.Write([]byte(errorResponse)) + return + } + + if user == nil { + logger.Info("[Middleware:BasicAuth] User not found: %s", username) + w.WriteHeader(http.StatusUnauthorized) + w.Write([]byte(errorResponse)) + return + } + + logger.Info("[Middleware:BasicAuth] User authenticated: %s", username) + m.store.SetLastLogin(user.ID) + + ctx := r.Context() + ctx = context.WithValue(ctx, UserIDContextKey, user.ID) + ctx = context.WithValue(ctx, UserTimezoneContextKey, user.Timezone) + ctx = context.WithValue(ctx, IsAdminUserContextKey, user.IsAdmin) + ctx = context.WithValue(ctx, IsAuthenticatedContextKey, true) + + next.ServeHTTP(w, r.WithContext(ctx)) + }) +} |