auth: hidden_auth option
This commit is contained in:
parent
a8a8bef4db
commit
6b024dd763
43
auth.go
43
auth.go
|
@ -33,49 +33,58 @@ func NewAuth(paramstr string) (Auth, error) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
type StaticAuth string
|
type StaticAuth struct {
|
||||||
|
token string
|
||||||
|
hiddenDomain string
|
||||||
|
}
|
||||||
|
|
||||||
func NewStaticAuth(param_url *url.URL) (StaticAuth, error) {
|
func NewStaticAuth(param_url *url.URL) (*StaticAuth, error) {
|
||||||
values, err := url.ParseQuery(param_url.RawQuery)
|
values, err := url.ParseQuery(param_url.RawQuery)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return StaticAuth(""), err
|
return nil, err
|
||||||
}
|
}
|
||||||
username := values.Get("username")
|
username := values.Get("username")
|
||||||
if username == "" {
|
if username == "" {
|
||||||
return StaticAuth(""), errors.New("\"username\" parameter is missing from auth config URI")
|
return nil, errors.New("\"username\" parameter is missing from auth config URI")
|
||||||
}
|
}
|
||||||
password := values.Get("password")
|
password := values.Get("password")
|
||||||
if password == "" {
|
if password == "" {
|
||||||
return StaticAuth(""), errors.New("\"password\" parameter is missing from auth config URI")
|
return nil, errors.New("\"password\" parameter is missing from auth config URI")
|
||||||
}
|
}
|
||||||
return StaticAuth(base64.StdEncoding.EncodeToString(
|
return &StaticAuth{
|
||||||
[]byte(username + ":" + password))), nil
|
token: base64.StdEncoding.EncodeToString([]byte(username + ":" + password)),
|
||||||
|
hiddenDomain: strings.ToLower(values.Get("hidden_domain")),
|
||||||
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func requireBasicAuth(wr http.ResponseWriter) {
|
func requireBasicAuth(wr http.ResponseWriter, req *http.Request, hidden_domain string) {
|
||||||
wr.Header().Set("Proxy-Authenticate", `Basic realm="dumbproxy"`)
|
if hidden_domain != "" && req.URL.Host != hidden_domain && req.Host != hidden_domain {
|
||||||
wr.Header().Set("Content-Length", strconv.Itoa(len([]byte(AUTH_REQUIRED_MSG))))
|
http.Error(wr, "Bad Request", http.StatusBadRequest)
|
||||||
wr.WriteHeader(407)
|
} else {
|
||||||
wr.Write([]byte(AUTH_REQUIRED_MSG))
|
wr.Header().Set("Proxy-Authenticate", `Basic realm="dumbproxy"`)
|
||||||
|
wr.Header().Set("Content-Length", strconv.Itoa(len([]byte(AUTH_REQUIRED_MSG))))
|
||||||
|
wr.WriteHeader(407)
|
||||||
|
wr.Write([]byte(AUTH_REQUIRED_MSG))
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (auth StaticAuth) Validate(wr http.ResponseWriter, req *http.Request) bool {
|
func (auth *StaticAuth) Validate(wr http.ResponseWriter, req *http.Request) bool {
|
||||||
hdr := req.Header.Get("Proxy-Authorization")
|
hdr := req.Header.Get("Proxy-Authorization")
|
||||||
if hdr == "" {
|
if hdr == "" {
|
||||||
requireBasicAuth(wr)
|
requireBasicAuth(wr, req, auth.hiddenDomain)
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
hdr_parts := strings.SplitN(hdr, " ", 2)
|
hdr_parts := strings.SplitN(hdr, " ", 2)
|
||||||
if len(hdr_parts) != 2 || strings.ToLower(hdr_parts[0]) != "basic" {
|
if len(hdr_parts) != 2 || strings.ToLower(hdr_parts[0]) != "basic" {
|
||||||
requireBasicAuth(wr)
|
requireBasicAuth(wr, req, auth.hiddenDomain)
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
token := hdr_parts[1]
|
token := hdr_parts[1]
|
||||||
ok := (subtle.ConstantTimeCompare([]byte(token), []byte(auth)) == 1)
|
ok := (subtle.ConstantTimeCompare([]byte(token), []byte(auth.token)) == 1)
|
||||||
if ok {
|
if ok {
|
||||||
return true
|
return true
|
||||||
} else {
|
} else {
|
||||||
requireBasicAuth(wr)
|
requireBasicAuth(wr, req, auth.hiddenDomain)
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue