From 5f36d7ed52e328904586b0a08891c2f8979aef93 Mon Sep 17 00:00:00 2001 From: Vladislav Yarmak Date: Sun, 24 May 2020 23:07:59 +0300 Subject: [PATCH] refactor URI scheme for basicfile auth provider --- README.md | 3 ++- auth.go | 5 ++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 3dc9336..35ac843 100644 --- a/README.md +++ b/README.md @@ -68,7 +68,8 @@ Authentication parameters are passed as URI via `-auth` parameter. Scheme of URI * `username` - login. * `password` - password. * `hidden_domain` - if specified and is not an empty string, proxy will respond with "407 Proxy Authentication Required" only on specified domain. All unauthenticated clients will receive "400 Bad Request" status. This option is useful to prevent DPI active probing from discovering that service is a proxy, hiding proxy authentication prompt when no valid auth header was provided. Hidden domain is used for generating 407 response code to trigger browser authorization request in cases when browser has no prior knowledge proxy authentication is required. In such cases user has to navigate to any hidden domain page via plaintext HTTP, authenticate themselves and then browser will remember authentication. -* `basicfile` - use htpasswd-like file with login and password pairs for authentication. Such file can be created/updated like this: `touch /etc/dumbproxy.htpasswd && htpasswd -bBC 10 /etc/dumbproxy.htpasswd username password`. Path in URL for this provider must point to a local file with login and bcrypt-hashed password lines. Example: `basicfile:///etc/dumbproxy.htpasswd`. +* `basicfile` - use htpasswd-like file with login and password pairs for authentication. Such file can be created/updated like this: `touch /etc/dumbproxy.htpasswd && htpasswd -bBC 10 /etc/dumbproxy.htpasswd username password`. `path` parameter in URL for this provider must point to a local file with login and bcrypt-hashed password lines. Example: `basicfile://?path=/etc/dumbproxy.htpasswd`. + * `path` - location of file with login and password pairs. File format is similar to htpasswd files. Each line must be in form `:`. Empty lines and lines starting with `#` are ignored. * `hidden_domain` - same as in `static` provider ## Synopsis diff --git a/auth.go b/auth.go index 8aa686c..2588187 100644 --- a/auth.go +++ b/auth.go @@ -81,11 +81,14 @@ type BasicAuth struct { } func NewBasicFileAuth(param_url *url.URL) (*BasicAuth, error) { - filename := param_url.Path values, err := url.ParseQuery(param_url.RawQuery) if err != nil { return nil, err } + filename := values.Get("path") + if filename == "" { + return nil, errors.New("\"path\" parameter is missing from auth config URI") + } f, err := os.Open(filename) if err != nil {