basicauth

Documentation

Overview

Package basicauth implements HTTP Basic Authentication for Caddy.

This is useful for simple protections on a website, like requiring a password to access an admin interface. This package assumes a fairly small threat model.

Index

• type BasicAuth
  • func (a BasicAuth) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, error)
• type PasswordMatcher
  • func GetHtpasswdMatcher(filename, username, siteRoot string) (PasswordMatcher, error)
  • func PlainMatcher(passw string) PasswordMatcher
• type Rule

Types

type BasicAuth

type BasicAuth struct {
	Next     httpserver.Handler
	SiteRoot string
	Rules    []Rule
}

BasicAuth is middleware to protect resources with a username and password. Note that HTTP Basic Authentication is not secure by itself and should not be used to protect important assets without HTTPS. Even then, the security of HTTP Basic Auth is disputed. Use discretion when deciding what to protect with BasicAuth.

func (BasicAuth) ServeHTTP

func (a BasicAuth) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, error)

ServeHTTP implements the httpserver.Handler interface.

type PasswordMatcher

type PasswordMatcher func(pw string) bool

PasswordMatcher determines whether a password matches a rule.

func GetHtpasswdMatcher

func GetHtpasswdMatcher(filename, username, siteRoot string) (PasswordMatcher, error)

GetHtpasswdMatcher matches password rules.

func PlainMatcher

func PlainMatcher(passw string) PasswordMatcher

PlainMatcher returns a PasswordMatcher that does a constant-time byte comparison against the password passw.

type Rule

type Rule struct {
	Username  string
	Password  func(string) bool
	Resources []string
	Realm     string // See RFC 1945 and RFC 2617, default: "Restricted"
}

Rule represents a BasicAuth rule. A username and password combination protect the associated resources, which are file or directory paths.