Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/goji/httpauth
HTTP Authentication middlewares
https://github.com/goji/httpauth
Last synced: about 2 months ago
JSON representation
HTTP Authentication middlewares
- Host: GitHub
- URL: https://github.com/goji/httpauth
- Owner: goji
- License: mit
- Created: 2014-05-26T22:53:57.000Z (over 10 years ago)
- Default Branch: master
- Last Pushed: 2021-09-28T09:25:46.000Z (about 3 years ago)
- Last Synced: 2024-02-15T07:37:36.155Z (10 months ago)
- Language: Go
- Size: 27.3 KB
- Stars: 220
- Watchers: 9
- Forks: 30
- Open Issues: 5
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-Char - httpauth - HTTP Authentication middleware. (Authentication and OAuth / Contents)
- awesome-go - httpauth - HTTP Authentication middleware. (Authentication and OAuth)
- awesome-go-cn - httpauth
- awesome-go - httpauth - HTTP Authentication middleware. (Authentication and OAuth)
- fucking-awesome-go - :octocat: httpauth - HTTP Authentication middleware. :star: 93 :fork_and_knife: 11 (Authentication & OAuth)
- awesome-go - httpauth
- cybersecurity-golang-security - httpauth - HTTP Authentication middleware. (Web Framework Hardening)
- awesome-go-security - httpauth - HTTP Authentication middleware. (Web Framework Hardening)
- awesome-go - httpauth - HTTP Authentication middleware. - :arrow_down:68 - :star:102 (Authentication and OAuth)
- awesome-go - httpauth - HTTP Authentication middlewares - ★ 157 (Authentication and OAuth)
- awesome-go-cn - httpauth
- awesome-go - httpauth - 一个HTTP身份验证中间件。 (<span id="身份验证和oauth-authentication-and-auth">身份验证和OAuth Authentication and Auth</span>)
README
# goji/httpauth [![GoDoc](https://godoc.org/github.com/goji/httpauth?status.svg)](https://godoc.org/github.com/goji/httpauth) [![Build Status](https://travis-ci.org/goji/httpauth.svg)](https://travis-ci.org/goji/httpauth)
`httpauth` currently provides [HTTP Basic Authentication middleware](http://tools.ietf.org/html/rfc2617) for Go. It is compatible with Go's own `net/http`, [goji](https://goji.io), Gin & anything that speaks the `http.Handler` interface.
## Example
`httpauth` provides a `SimpleBasicAuth` function to get you up and running. Particularly ideal for development servers.
Note that HTTP Basic Authentication credentials are sent over the wire "in the clear" (read: plaintext!) and therefore should not be considered a robust way to secure a HTTP server. If you're after that, you'll need to use SSL/TLS ("HTTPS") at a minimum.
### Install It
```sh
$ go get github.com/goji/httpauth
```### Goji v2
#### Simple Usage
The fastest and simplest way to get started using `httpauth` is to use the
`SimpleBasicAuth` function.```go
package main
import(
"net/http""goji.io"
)func main() {
mux := goji.NewMux()mux.Use(httpauth.SimpleBasicAuth("dave", "somepassword"))
mux.Use(SomeOtherMiddleware)// YourHandler now requires HTTP Basic Auth
mux.Handle(pat.Get("/some-route"), YourHandler))log.Fatal(http.ListenAndServe("localhost:8000", mux))
}
```#### Advanced Usage
For more control over the process, pass a `AuthOptions` struct to `BasicAuth` instead. This allows you to:
* Configure the authentication realm.
* Provide your own UnauthorizedHandler (anything that satisfies `http.Handler`) so you can return a better looking 401 page.
* Define a custom authentication function, which is discussed in the next section.```go
func main() {
authOpts := httpauth.AuthOptions{
Realm: "DevCo",
User: "dave",
Password: "plaintext!",
UnauthorizedHandler: myUnauthorizedHandler,
}mux := goji.NewMux()
mux.Use(BasicAuth(authOpts))
mux.Use(SomeOtherMiddleware)mux.Handle(pat.Get("/some-route"), YourHandler))
log.Fatal(http.ListenAndServe("localhost:8000", mux))
}
```#### Custom Authentication Function
`httpauth` will accept a custom authentication function.
Normally, you would not set `AuthOptions.User` nor `AuthOptions.Password` in this scenario.
You would instead validate the given credentials against an external system such as a database.
The contrived example below is for demonstration purposes only.```go
func main() {authOpts := httpauth.AuthOptions{
Realm: "DevCo",
AuthFunc: myAuthFunc,
UnauthorizedHandler: myUnauthorizedHandler,
}mux := goji.NewMux()
mux.Use(BasicAuth(authOpts))
mux.Use(SomeOtherMiddleware)mux.Handle(pat.Get("/some-route"), YourHandler))
log.Fatal(http.ListenAndServe("localhost:8000", mux))
}// myAuthFunc is not secure. It checks to see if the password is simply
// the username repeated three times.
func myAuthFunc(user, pass string, r *http.Request) bool {
return pass == strings.Repeat(user, 3)
}
```### gorilla/mux
Since it's all `http.Handler`, `httpauth` works with [gorilla/mux](https://github.com/gorilla/mux) (and most other routers) as well:
```go
package mainimport (
"net/http""github.com/goji/httpauth"
"github.com/gorilla/mux"
)func main() {
r := mux.NewRouter()r.HandleFunc("/", YourHandler)
http.Handle("/", httpauth.SimpleBasicAuth("dave", "somepassword")(r))http.ListenAndServe(":7000", nil)
}func YourHandler(w http.ResponseWriter, r *http.Request) {
w.Write([]byte("Gorilla!\n"))
}
```### net/http
If you're using vanilla `net/http`:
```go
package mainimport(
"net/http""github.com/goji/httpauth"
)func main() {
http.Handle("/", httpauth.SimpleBasicAuth("dave", "somepassword")(http.HandlerFunc(YourHandler)))
http.ListenAndServe(":7000", nil)
}
```## Contributing
Send a pull request! Note that features on the (informal) roadmap include HTTP Digest Auth.
## License
MIT Licensed. See the LICENSE file for details.