{"id":27612784,"url":"https://github.com/lauslim12/basic","last_synced_at":"2025-04-23T01:55:54.258Z","repository":{"id":40412703,"uuid":"473493468","full_name":"lauslim12/basic","owner":"lauslim12","description":"Plug and play, generic, secure, and customizable Basic Authentication library for Go's HTTP handlers. No dependencies and conforms to RFC 7617.","archived":false,"fork":false,"pushed_at":"2023-01-15T13:40:27.000Z","size":38,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-06-21T09:51:57.302Z","etag":null,"topics":["api","basic-authentication","go","http","library","rfc7617"],"latest_commit_sha":null,"homepage":"https://pkg.go.dev/github.com/lauslim12/basic","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/lauslim12.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-03-24T07:06:31.000Z","updated_at":"2022-05-26T14:55:05.000Z","dependencies_parsed_at":"2023-02-09T22:15:49.633Z","dependency_job_id":null,"html_url":"https://github.com/lauslim12/basic","commit_stats":null,"previous_names":[],"tags_count":6,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lauslim12%2Fbasic","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lauslim12%2Fbasic/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lauslim12%2Fbasic/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lauslim12%2Fbasic/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/
hosts/GitHub/owners/lauslim12","download_url":"https://codeload.github.com/lauslim12/basic/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250354301,"owners_count":21416751,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api","basic-authentication","go","http","library","rfc7617"],"created_at":"2025-04-23T01:55:53.730Z","updated_at":"2025-04-23T01:55:54.248Z","avatar_url":"https://github.com/lauslim12.png","language":"Go","readme":"# Basic\n\nProvides plug and play, generic, secure, easy to use, customizable, and painless Basic Authentication middleware for Go's HTTP handlers. 
No dependencies!\n\nThis package tries its best to implement all specifications in a customizable way as specified in [RFC 7617](https://datatracker.ietf.org/doc/html/rfc7617), the newest version of Basic Authentication which obsoletes [RFC 2617](https://datatracker.ietf.org/doc/html/rfc2617).\n\n## Why Basic?\n\n- **No dependencies.** Basic only needs standard Go and no dependencies are required.\n- **Battle-tested.** This library conforms to the standard library (which a lot of people use nowadays).\n- **Lightweight.** Basic is small in size, due to not having any dependencies.\n- **Secure.** Tries its best to implement as many security considerations as possible, but you **definitely have to use HTTPS if you intend to use this in production**.\n- **Generic.** This library is generic and implements `http.Handler` to ensure maximum compatibility with as many Go frameworks as possible.\n- **100% tested.** As this library is small, the code coverage is still 100% for now.\n- **Well documented.** Check out this `README.md` document and the technical documentation for further reading!\n\n## Security Considerations\n\nIf you want to use this in a production environment, here are additional security considerations:\n\n- Ensure you are running this using HTTPS with SSL/TLS to prevent man-in-the-middle attacks.\n- Enable HSTS (`Strict-Transport-Security`) to prevent your site from being accessed with HTTP. Set redirects (`301 Moved Permanently`) from HTTP to HTTPS permanently in your reverse proxy / Go app. Use HTTPS forever!\n- Use secure HTTP headers to prevent malicious browser agents (`X-XSS-Protection`, `X-Content-Type-Options`, `X-DNS-Prefetch-Control`, and the like).\n- Use rate limiters in endpoints protected by Basic Authentication to prevent brute-force attacks.\n- As usual, keep your passwords strong. Use symbols, numbers, uppercase letters, and lowercase letters. 
Even better if you use password managers.\n- Follow and read security guidelines: [OWASP Cheatsheets](https://cheatsheetseries.owasp.org/)!\n- My two cents and security tip: Basic Authentication should be placed in an endpoint that gives out sessions / tokens on successful authentication. Make sure that endpoint is not cacheable (use `PUT`, `PATCH`, `POST` without `Cache-Control` headers, by default they are not cacheable, do not use `GET` and `HEAD` if possible). This relieves the pain of having to deal with logout and/or cache problems. You can then delegate your authentication via the given out sessions / tokens.\n\n## Documentation\n\nComplete documentation can be found on the official [pkg.go.dev site](https://pkg.go.dev/github.com/lauslim12/basic).\n\n## Installation\n\nYou have to perform the following steps (assuming Go 1.18):\n\n- Download this library.\n\n```bash\ngo install github.com/lauslim12/basic\n\n# for older go versions: go get -u github.com/lauslim12/basic\n```\n\n- Import it in your source code.\n\n```go\nimport \"github.com/lauslim12/basic\"\n```\n\n- Instantiate the `BasicAuth` object, and you can wrap it in any endpoint you desire to protect it!\n\n```go\nfunc main() {\n    // Create a one-to-one mapping of username and password.\n    users := map[string]string{\"nehemiah\":\"nehemiahpassword\"}\n\n    // Use default authenticator function, set charset to UTF-8, use default invalid scheme response,\n    // use default invalid credentials response, set custom realm, and set static user list.\n    basicAuth := basic.NewCustomBasicAuth(nil, \"UTF-8\", nil, nil, \"Private\", users)\n    http.HandleFunc(\"/\", basicAuth.Authenticate(func(w http.ResponseWriter, r *http.Request) {\n        w.WriteHeader(http.StatusOK)\n        w.Write([]byte(http.StatusText(http.StatusOK)))\n    }))\n}\n```\n\n- Test the endpoint!\n\n```bash\ncurl -u nehemiah:nehemiahpassword \u003cAPI_ENDPOINT_URL\u003e\n```\n\n- Done!\n\n## Customizations\n\nCustomization is the 
core part of this library. You can customize anything, and you can even define / create a middleware before or after the `Authenticate` middleware method if you need to perform some preprocessing or postprocessing.\n\n- As an example, you may define your own authorizer if you need to do so. The code below is for reference:\n\n```go\nfunc main() {\n    // This pseudocode example sets no static users and calls the user from the DB based on\n    // the user's input. It then matches the password and returns the boolean value.\n    basicAuth := basic.NewCustomBasicAuth(func(username, password string) bool {\n        user := getUserFromDB(username)\n        match := basic.CompareInputs(password, user.Password)\n\n        return match\n    }, \"UTF-8\", nil, nil, \"Private Not-Static\", nil)\n\n    // After defining it, we then hook it into our handler.\n    http.HandleFunc(\"/\", basicAuth.Authenticate(func(w http.ResponseWriter, r *http.Request) {\n        w.WriteHeader(http.StatusAccepted)\n        w.Write([]byte(http.StatusText(http.StatusAccepted)))\n    }))\n}\n```\n\n- You can customize your `Authenticator` function (signature is `func(username, password string) bool`), `Charset` (defaults to `UTF-8` according to RFC 7617), `InvalidSchemeResponse` (signature is `http.Handler`), `InvalidCredentialsResponse` (signature is `http.Handler`), `Realm` (signature is `string`), and `Users` (signature is `map[string]string`). `Users` itself will contain the 1-to-1 mapping of username and password. As long as it conforms to the interface / function signature, you can customize it with anything you want.\n\n## Examples\n\nPlease see examples at [the example project (`example/main.go`)](./example). You can run it by doing `go run example/main.go` and then connect to `localhost:5000` on your web browser / API client.\n\n## Contributing\n\nThis tool is open source and contributions to it are highly encouraged! 
If you want to contribute to this project, please feel free to read the `CONTRIBUTING.md` file for the contributing guidelines.\n\n## License\n\nThis work is licensed under the MIT License. Please check the `LICENSE` file for more information.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flauslim12%2Fbasic","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flauslim12%2Fbasic","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flauslim12%2Fbasic/lists"}