gallery/api/middleware/basicauth.go

34 lines
873 B
Go
Raw Permalink Normal View History

2022-12-18 00:42:21 +00:00
package middleware
import (
"net/http"
"os"
"golang.org/x/crypto/bcrypt"
)
func BasicAuth(f http.HandlerFunc) http.HandlerFunc {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
username, password, ok := r.BasicAuth()
hash, err := HashPassword(os.Getenv("PASSWORD"))
if err == nil && ok {
if username == os.Getenv("USERNAME") && CheckPasswordHash(password, hash) {
f(w, r)
return
}
}
w.Header().Set("WWW-Authenticate", `Basic realm="restricted", charset="UTF-8"`)
http.Error(w, "Unauthorized", http.StatusUnauthorized)
})
}
func HashPassword(password string) (string, error) {
bytes, err := bcrypt.GenerateFromPassword([]byte(password), 14)
return string(bytes), err
}
func CheckPasswordHash(password, hash string) bool {
err := bcrypt.CompareHashAndPassword([]byte(hash), []byte(password))
return err == nil
}