lza_menace
/
wg-access-server
mirror of https://github.com/Place1/wg-access-server
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
dependabot/npm_and_yarn/website/json5-1.0.2
dependabot/npm_and_yarn/website/async-2.6.4
dependabot/npm_and_yarn/website/url-parse-1.5.10
dependabot/npm_and_yarn/website/minimist-1.2.6
dependabot/npm_and_yarn/website/follow-redirects-1.14.8
dependabot/npm_and_yarn/website/tmpl-1.0.5
dependabot/npm_and_yarn/website/path-parse-1.0.7
dependabot/npm_and_yarn/website/lodash-4.17.21
dependabot/npm_and_yarn/website/ssri-6.0.2
dependabot/npm_and_yarn/website/y18n-4.0.1
master
gh-pages
remove-file-storage-backend
postgresql-ha
login-page-style-update
50-fix-oidc-email-domain-validation
48-fix-client-status-indicator
44-fix-routing-rules
config-options-for-ports
client-network-config
show-owner-name-in-ui
administration
big-refactor
embedded-dns
dns-support
add-license-1
auth
v0.4.6
v0.4.5
v0.4.4
v0.4.3
v0.4.2
v0.4.1
v0.4.0
v0.3.0
v0.3.0-rc2
v0.3.0-rc1
0.2.5
0.2.5-rc3
0.2.5-rc2
0.2.5-rc1
0.2.4
0.2.4-rc1
0.2.3
0.2.2
0.2.1
0.2.0
0.2.0-rc8
0.2.0-rc7
0.2.0-rc6
0.2.0-rc5
0.2.0-rc4
0.2.0-rc3
0.1.1
0.1.0
v0.1.0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '304a6526cc'
${ noResults }
wg-access-server/pkg/authnz/authconfig/basic.go

90 lines
2.3 KiB
Go
Raw Blame History

package authconfig
import (
"fmt"
"net/http"
"strings"
"github.com/place1/wg-access-server/pkg/authnz/authruntime"
"github.com/place1/wg-access-server/pkg/authnz/authsession"
"github.com/tg123/go-htpasswd"
)
type BasicAuthConfig struct {
// Users is a list of htpasswd encoded username:password pairs
// supports BCrypt, Sha, Ssha, Md5
// example: "htpasswd -nB <username>"
// copy the result into your user's array
Users []string `yaml:"users"`
}
func (c *BasicAuthConfig) Provider() *authruntime.Provider {
return &authruntime.Provider{
Type: "Basic",
Invoke: func(w http.ResponseWriter, r *http.Request, runtime *authruntime.ProviderRuntime) {
basicAuthLogin(c, runtime)(w, r)
},
}
}
func basicAuthLogin(c *BasicAuthConfig, runtime *authruntime.ProviderRuntime) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
u, p, ok := r.BasicAuth()
if !ok {
w.Header().Set("WWW-Authenticate", `Basic realm="site"`)
w.WriteHeader(http.StatusUnauthorized)
fmt.Fprintln(w, "unauthorized")
return
}
if ok := checkCreds(c.Users, u, p); ok {
runtime.SetSession(w, r, &authsession.AuthSession{
Identity: &authsession.Identity{
Subject: u,
},
})
runtime.Done(w, r)
}
w.Header().Set("WWW-Authenticate", `Basic realm="site"`)
w.WriteHeader(http.StatusUnauthorized)
fmt.Fprintln(w, "unauthorized")
return
}
}
func checkCreds(users []string, username string, password string) bool {
for _, user := range users {
if u, p, ok := parsehtpassword(user); ok {
if u == username {
return checkhtpasswd(p, password)
}
}
}
return false
}
func parsehtpassword(user string) (string, string, bool) {
segments := strings.SplitN(user, ":", 2)
if len(segments) >= 1 {
return segments[0], segments[1], true
}
return "", "", false
}
func checkhtpasswd(required string, given string) bool {
if encoded, err := htpasswd.AcceptBcrypt(required); encoded != nil && err == nil {
return encoded.MatchesPassword(given)
}
if encoded, err := htpasswd.AcceptSha(required); encoded != nil && err == nil {
return encoded.MatchesPassword(given)
}
if encoded, err := htpasswd.AcceptSsha(required); encoded != nil && err == nil {
return encoded.MatchesPassword(given)
}
if encoded, err := htpasswd.AcceptMd5(required); encoded != nil && err == nil {
return encoded.MatchesPassword(given)
}
return false
}
Reference in New Issue View Git Blame Copy Permalink