-
-
Notifications
You must be signed in to change notification settings - Fork 1k
/
Copy pathbasic_auth.go
31 lines (28 loc) · 989 Bytes
/
basic_auth.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
package api
import (
"crypto/subtle"
"encoding/base64"
"net/http"
)
// BasicAuth returns basic auth handler.
func BasicAuth(username, password string) http.HandlerFunc {
// Inspired by https://github.com/codegangsta/martini-contrib/blob/master/auth/
return func(res http.ResponseWriter, req *http.Request) {
if !secureCompare(req.Header.Get("Authorization"),
"Basic "+base64.StdEncoding.EncodeToString([]byte(username+":"+password)),
) {
res.Header().Set("WWW-Authenticate",
"Basic realm=\"Authorization Required\"",
)
http.Error(res, "Not Authorized", http.StatusUnauthorized)
}
}
}
func secureCompare(given string, actual string) bool {
if subtle.ConstantTimeEq(int32(len(given)), int32(len(actual))) == 1 {
return subtle.ConstantTimeCompare([]byte(given), []byte(actual)) == 1
}
// Securely compare actual to itself to keep constant time,
// but always return false
return subtle.ConstantTimeCompare([]byte(actual), []byte(actual)) == 1 && false
}