auth.go

   1 /*
   2 godlighty -- highly-customizable HTTP, HTTP/2, HTTPS server
   3 Copyright (C) 2021-2023 Sergey Matveev <stargrave@stargrave.org>
   4
   5 This program is free software: you can redistribute it and/or modify
   6 it under the terms of the GNU General Public License as published by
   7 the Free Software Foundation, version 3 of the License.
   8
   9 This program is distributed in the hope that it will be useful,
  10 but WITHOUT ANY WARRANTY; without even the implied warranty of
  11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12 GNU General Public License for more details.
  13
  14 You should have received a copy of the GNU General Public License
  15 along with this program.  If not, see <http://www.gnu.org/licenses/>.
  16 */
  17
  18 package godlighty
  19
  20 import (
  21         "crypto/sha256"
  22         "encoding/hex"
  23         "errors"
  24         "fmt"
  25         "net/http"
  26         "os"
  27         "strings"
  28 )
  29
  30 var Unauthorized = errors.New("failed authorization")
  31
  32 func performAuth(w http.ResponseWriter, r *http.Request, cfg *AuthCfg) (string, error) {
  33         username, password, ok := r.BasicAuth()
  34         if !ok {
  35                 w.Header().Add("WWW-Authenticate", fmt.Sprintf(`Basic realm="%s"`, cfg.Realm))
  36                 w.WriteHeader(http.StatusUnauthorized)
  37                 return username, Unauthorized
  38         }
  39         data, err := os.ReadFile(cfg.Passwords)
  40         if err != nil {
  41                 return username, err
  42         }
  43         for _, line := range strings.Split(string(data), "\n") {
  44                 if len(line) == 0 || line[0] == '#' {
  45                         continue
  46                 }
  47                 cols := strings.Split(line, ":")
  48                 if len(cols) != 2 {
  49                         continue
  50                 }
  51                 if cols[0] == username {
  52                         d := sha256.Sum256([]byte(password))
  53                         if hex.EncodeToString(d[:]) == cols[1] {
  54                                 return username, nil
  55                         } else {
  56                                 w.WriteHeader(http.StatusUnauthorized)
  57                                 return username, Unauthorized
  58                         }
  59                 }
  60         }
  61         w.WriteHeader(http.StatusUnauthorized)
  62         return username, Unauthorized
  63 }