{"id":41784194,"url":"https://github.com/mwat56/passlist","last_synced_at":"2026-01-25T04:08:09.032Z","repository":{"id":57491083,"uuid":"184628092","full_name":"mwat56/passlist","owner":"mwat56","description":"Add BasicAuth for Go web-server clients","archived":false,"fork":false,"pushed_at":"2025-05-02T11:08:38.000Z","size":137,"stargazers_count":1,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-08-14T07:39:07.358Z","etag":null,"topics":["authentication","golang","golang-package","middleware","password-store","website"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mwat56.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2019-05-02T18:05:41.000Z","updated_at":"2025-05-02T11:08:41.000Z","dependencies_parsed_at":"2023-07-13T20:45:03.698Z","dependency_job_id":"ce3dabc6-b01b-4532-80cb-5e7ab578a071","html_url":"https://github.com/mwat56/passlist","commit_stats":null,"previous_names":["mwat56/go-passlist"],"tags_count":26,"template":false,"template_full_name":null,"purl":"pkg:github/mwat56/passlist","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mwat56%2Fpasslist","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mwat56%2Fpasslist/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mwat56%2Fpasslist/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mwat56%2Fpasslist/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mwat56","download_url":"https://codeload.github.com/mwat56/passlist/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mwat56%2Fpasslist/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28742983,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-25T02:46:29.005Z","status":"ssl_error","status_checked_at":"2026-01-25T02:44:29.968Z","response_time":113,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","golang","golang-package","middleware","password-store","website"],"created_at":"2026-01-25T04:08:08.964Z","updated_at":"2026-01-25T04:08:09.027Z","avatar_url":"https://github.com/mwat56.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# PassList\n\n[![Golang](https://img.shields.io/badge/Language-Go-green.svg)](https://golang.org)\n[![GoDoc](https://godoc.org/github.com/mwat56/passlist?status.svg)](https://godoc.org/github.com/mwat56/passlist)\n[![Go Report](https://goreportcard.com/badge/github.com/mwat56/passlist)](https://goreportcard.com/report/github.com/mwat56/passlist)\n[![Issues](https://img.shields.io/github/issues/mwat56/passlist.svg)](https://github.com/mwat56/passlist/issues?q=is%3Aopen+is%3Aissue)\n[![Size](https://img.shields.io/github/repo-size/mwat56/passlist.svg)](https://github.com/mwat56/passlist/)\n[![Tag](https://img.shields.io/github/tag/mwat56/passlist.svg)](https://github.com/mwat56/passlist/tags)\n[![License](https://img.shields.io/github/license/mwat56/passlist.svg)](https://github.com/mwat56/passlist/blob/main/LICENSE)\n[![View examples](https://img.shields.io/badge/learn%20by-examples-0077b3.svg)](https://github.com/mwat56/passlist/blob/main/app/passlist.go)\n\n- [PassList](#passlist)\n\t- [Purpose](#purpose)\n\t- [Installation](#installation)\n\t- [Usage](#usage)\n\t\t- [Authentication](#authentication)\n\t\t- [HTTP handler](#http-handler)\n\t\t- [The user/password list](#the-userpassword-list)\n\t\t- [Access denial](#access-denial)\n\t\t- [Security](#security)\n\t- [Commandline tool](#commandline-tool)\n\t- [Libraries](#libraries)\n\t- [Licence](#licence)\n\n----\n\n## Purpose\n\nSometimes there is a need to password-protect your web-server, either in whole or just some parts of it. That's were this little package comes in. It offers to simply integrate the popular [BasicAuth](https://en.wikipedia.org/wiki/Basic_access_authentication) mechanism into your own web-server.\n\n\u003e **Note**: To be on the safe side your web-server should use `HTTPS` instead of plain old `HTTP` to avoid the chance of someone eavesdropping on the username/password transmission.\n\n## Installation\n\nYou can use `Go` to install this package for you:\n\n    go get -u github.com/mwat56/passlist\n\nThen in your application you add\n\n    import \"github.com/mwat56/passlist\"\n\nand use the provided functions (discussed below) as you see fit.\n\n## Usage\n\n### Authentication\n\n`PassList` provides an easy way to handle HTTP Basic Authentication by simply calling the package's `Wrap()` function and implementing the `TAuthDecider` interface which only requires the single function or method\n\n    NeedAuthentication(aRequest *http.Request) bool\n\nThat function may decide on whatever means necessary whether to grant access (returning `true`) or deny it (returning `false`).\n\nFor your ease there are two `TAuthDecider` implementations provided: `TAuthSkipper` (which generally returns `false`) and `TAuthNeeder` (which generally returns `true`). Just instantiate one of those - or, of course, your own implementation - and pass it to the `Wrap()` function.\n\n### HTTP handler\n\nTo use this module as socalled middleware there's a function which you can call to wrap your existing HTTP handler thus allowing automatic authentication:\n\n\tfunc Wrap(aNext http.Handler,\n\t    aRealm, aPasswdFile string,\n\t    aAuthDecider IAuthDecider) http.Handler\n\nThe arguments mean:\n\n* `aNext`: The handler to be called after successful authentication; you will use the return value of `Wrap()` instead after you called this function.\n\n* `aRealm`: The name of the host/domain to protect (this can be any string you like); it will be shown by most browsers when the username/password is requested.\n\n* `aPasswdFile`: The name of the password file that holds all the username/password pairs to use when authentication is actually required.\n\n* `aAuthDecider`: A deciding function we talked about above.\n\nSo, in short: implement the `IAuthDecider` interface and call `passlist.Wrap(…)`, and you're done.\n\n### The user/password list\n\nThe package provides a `TPassList` class with methods to work with a username/password list. It's fairly well [documented](https://pkg.go.dev/github.com/mwat56/passlist), so it shouldn't be too hard to use it on your own if you don't like the automatic handling provided by `Wrap()`. You can create a new instance by either calling `passlist.LoadPasswords(aFilename string)` (which, as its name says, tries to load the given password file at once), or you call `passlist.New(aFilename string)` (which leaves it to you when to actually read the password file by calling the `TPassList` object's `Load()` method).\n\nThis library provides a couple of functions you can use in your own program to maintain your own password list without having to use the `TPassList` class directly.\n\n* `AddUser(aUser, aFilename string)` reads a password for `aUser` from the commandline and adds it to `aFilename`.\n* `CheckUser(aUser, aFilename string)` reads a password for `aUser` from the commandline and compares it with the one stored in `aFilename`.\n* `DeleteUser(aUser, aFilename string)` removes the entry for `aUser` from the password list stored in `aFilename`.\n* `ListUsers(aFilename string)` reads `aFilename` and lists all users stored in that file.\n* `UpdateUser(aUser, aFilename string)` reads a password for `aUser` from the commandline and updates the entry in the password list in `aFilename`.\n\n\u003e **Note**: All these functions _do not return_ to the caller but terminate the respective program with error code `0` (zero) if successful, or `1` (one) otherwise.\n\n### Access denial\n\nThere's an additional convenience function called `passlist.Deny()` which sends an _\"Unauthorised\"_ notice to the remote host in case the remote user couldn't be authenticated; this function is called internally whenever your `TAuthDecider` required authentication and wasn't given valid credentials from the remote user.\n\n### Security\n\nTo further improve the safety of the passwords they are _peppered_ before hashing and storing them.\n\nThe default _pepper_ value can be read by calling:\n\n\tpepper := passlist.Pepper()\n\nAnd the _pepper_ value can be changed by calling:\n\n\tmyPepper := \"This is my common 'pepper' value for the user passwords\"\n\tpasslist.SetPepper(myPepper)\n\n\u003e **Note**: Changing the _pepper_ value _after_ storing user/password pairs **will** invalidate all existing userlist entries!\n\nPlease refer to the [source code documentation](https://godoc.org/github.com/mwat56/passlist#TPassList) for further details ot the `TPassList` class.\n\n## Commandline tool\n\nIn the package's `./app` folder you'll find the `passlist.go` program which implements the maintenance of password files with the following options:\n\n\t-add string\n\t\t\u003cusername\u003e name of the user to add to the file (prompting for the password)\n\t-chk string\n\t\t\u003cusername\u003e name of the user whose pass to check (prompting for the password)\n\t-del string\n\t\t\u003cusername\u003e name of the user to remove from the file\n\t-file string\n\t\t\u003cfilename\u003e name of the passwordfile to use (default \"pwaccess.db\")\n\t-lst list all current usernames from the list\n\t-q    whether to be quiet or not (suppress screen output)\n\t-upd string\n\t\t\u003cusername\u003e name of the user to update in the file (prompting for the password)\n\nThis example app shows how to use the `passlist` package in your own program. Additionally it could be used as a standalone tool to manage your password files.\n\n## Libraries\n\nThe following external libraries are used building `PassList`:\n\n* [BCrypt](https://pkg.go.dev/golang.org/x/crypto/bcrypt) supplementary Go cryptography library.\n* [SourceError](https://github.com/mwat56/sourceerror) improved error handling.\n* [Syscalls](https://pkg.go.dev/golang.org/x/sys) OS-specific functionality.\n* [Terminal](https://pkg.go.dev/golang.org/x/term) commandline handling.\n\n## Licence\n\n    Copyright © 2019, 2025  M.Watermann, 10247 Berlin, Germany\n                    All rights reserved\n                EMail : \u003csupport@mwat.de\u003e\n\n\u003e This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version.\n\u003e\n\u003e This software is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\n\u003e\n\u003e You should have received a copy of the GNU General Public License along with this program.  If not, see the [GNU General Public License](http://www.gnu.org/licenses/gpl.html) for details.\n\n----\n[![GFDL](https://www.gnu.org/graphics/gfdl-logo-tiny.png)](http://www.gnu.org/copyleft/fdl.html)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmwat56%2Fpasslist","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmwat56%2Fpasslist","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmwat56%2Fpasslist/lists"}