Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Account ¶
type Account struct { Username string `json:"username"` Password []byte `json:"password"` Salt []byte `json:"salt,omitempty"` // for algorithms where external salt is needed }
Account contains a username, password, and salt (if applicable).
type Authentication ¶
type Authentication struct { ProvidersRaw map[string]json.RawMessage `json:"providers,omitempty"` Providers map[string]Authenticator `json:"-"` }
Authentication is a middleware which provides user authentication.
func (Authentication) CaddyModule ¶
func (Authentication) CaddyModule() caddy.ModuleInfo
CaddyModule returns the Caddy module information.
func (*Authentication) Provision ¶
func (a *Authentication) Provision(ctx caddy.Context) error
Provision sets up a.
func (Authentication) ServeHTTP ¶
func (a Authentication) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyhttp.Handler) error
type Authenticator ¶
type Authenticator interface {
Authenticate(http.ResponseWriter, *http.Request) (User, bool, error)
}
Authenticator is a type which can authenticate a request. If a request was not authenticated, it returns false. An error is only returned if authenticating the request fails for a technical reason (not for bad/missing credentials).
type BcryptHash ¶
type BcryptHash struct{}
BcryptHash implements the bcrypt hash.
func (BcryptHash) CaddyModule ¶
func (BcryptHash) CaddyModule() caddy.ModuleInfo
CaddyModule returns the Caddy module information.
type Comparer ¶
type Comparer interface { // Compare returns true if the result of hashing // plaintextPassword with salt is hashedPassword, // false otherwise. An error is returned only if // there is a technical/configuration error. Compare(hashedPassword, plaintextPassword, salt []byte) (bool, error) }
Comparer is a type that can securely compare a plaintext password with a hashed password in constant-time. Comparers should hash the plaintext password and then use constant-time comparison.
type HTTPBasicAuth ¶
type HTTPBasicAuth struct { HashRaw json.RawMessage `json:"hash,omitempty"` AccountList []Account `json:"accounts,omitempty"` Realm string `json:"realm,omitempty"` Accounts map[string]Account `json:"-"` Hash Comparer `json:"-"` }
HTTPBasicAuth facilitates HTTP basic authentication.
func (HTTPBasicAuth) Authenticate ¶
func (hba HTTPBasicAuth) Authenticate(w http.ResponseWriter, req *http.Request) (User, bool, error)
Authenticate validates the user credentials in req and returns the user, if valid.
func (HTTPBasicAuth) CaddyModule ¶
func (HTTPBasicAuth) CaddyModule() caddy.ModuleInfo
CaddyModule returns the Caddy module information.
func (*HTTPBasicAuth) Provision ¶
func (hba *HTTPBasicAuth) Provision(ctx caddy.Context) error
Provision provisions the HTTP basic auth provider.
type ScryptHash ¶
type ScryptHash struct { N int `json:"N,omitempty"` R int `json:"r,omitempty"` P int `json:"p,omitempty"` KeyLength int `json:"key_length,omitempty"` }
ScryptHash implements the scrypt KDF as a hash.
func (ScryptHash) CaddyModule ¶
func (ScryptHash) CaddyModule() caddy.ModuleInfo
CaddyModule returns the Caddy module information.
func (ScryptHash) Compare ¶
func (s ScryptHash) Compare(hashed, plaintext, salt []byte) (bool, error)
Compare compares passwords.
func (*ScryptHash) Provision ¶
func (s *ScryptHash) Provision(_ caddy.Context) error
Provision sets up s.
func (*ScryptHash) SetDefaults ¶
func (s *ScryptHash) SetDefaults()
SetDefaults sets safe default parameters, but does not overwrite existing values. Each default parameter is set independently; it does not check to ensure that r*p < 2^30. The defaults chosen are those as recommended in 2019 by https://godoc.org/golang.org/x/crypto/scrypt.