golang-github-go-kit-kit / 37a2080
cache required creds' slices Dmitry Salakhov 6 years ago
2 changed file(s) with 17 addition(s) and 12 deletion(s).
1212 )
1313 ```
1414
15 For AuthMiddleware to be able to pick up the Authentication header from a HTTP request we need to pass it through the context with something like ```httptransport.ServerBefore(httptransport.PopulateRequestContext)```.
15 For AuthMiddleware to be able to pick up the Authentication header from an HTTP request we need to pass it through the context with something like ```httptransport.ServerBefore(httptransport.PopulateRequestContext)```.
1313 httptransport "github.com/go-kit/kit/transport/http"
1414 )
1515
16 // AuthError represents an authoriation error.
16 // AuthError represents an authorization error.
1717 type AuthError struct {
1818 Realm string
1919 }
2020
21 // StatusCode is an iimplementation of the StatusCoder interface in go-kit/http.
21 // StatusCode is an implementation of the StatusCoder interface in go-kit/http.
2222 func (AuthError) StatusCode() int {
2323 return http.StatusUnauthorized
2424 }
2828 return http.StatusText(http.StatusUnauthorized)
2929 }
3030
31 // Headers is an implemntation of the Headerer interface in go-kit/http.
31 // Headers is an implementation of the Headerer interface in go-kit/http.
3232 func (e AuthError) Headers() http.Header {
3333 return http.Header{
3434 "Content-Type": []string{"text/plain; charset=utf-8"},
5555 return c[:s], c[s+1:], true
5656 }
5757
58 // Returns a hash of a given slice.
59 func toHashSlice(s []byte) []byte {
60 hash := sha256.Sum256(s)
61 return hash[:]
62 }
63
5864 // AuthMiddleware returns a Basic Authentication middleware for a particular user and password.
5965 func AuthMiddleware(requiredUser, requiredPassword, realm string) endpoint.Middleware {
60 requiredUserBytes := sha256.Sum256([]byte(requiredUser))
61 requiredPassBytes := sha256.Sum256([]byte(requiredPassword))
66 requiredUserBytes := toHashSlice([]byte(requiredUser))
67 requiredPasswordBytes := toHashSlice([]byte(requiredPassword))
6268
6369 return func(next endpoint.Endpoint) endpoint.Endpoint {
6470 return func(ctx context.Context, request interface{}) (interface{}, error) {
6571 auth := ctx.Value(httptransport.ContextKeyRequestAuthorization).(string)
66 givenUser, givenPass, ok := parseBasicAuth(auth)
72 givenUser, givenPassword, ok := parseBasicAuth(auth)
6773 if !ok {
6874 return nil, AuthError{realm}
6975 }
7076
7177 // Equalize lengths of supplied and required credentials by hashing them.
72 givenUserBytes := sha256.Sum256(givenUser)
73 givenPassBytes := sha256.Sum256(givenPass)
78 givenUserBytes := toHashSlice(givenUser)
79 givenPasswordBytes := toHashSlice(givenPassword)
7480
75 // Compare the supplied credentials to those set in our options.
76 if subtle.ConstantTimeCompare(givenUserBytes[:], requiredUserBytes[:]) == 0 ||
77 subtle.ConstantTimeCompare(givenPassBytes[:], requiredPassBytes[:]) == 0 {
81 if subtle.ConstantTimeCompare(givenUserBytes, requiredUserBytes) == 0 ||
82 subtle.ConstantTimeCompare(givenPasswordBytes, requiredPasswordBytes) == 0 {
7883 return nil, AuthError{realm}
7984 }
8085
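Review bot: The credential check at new lines 81–82 joins the two `subtle.ConstantTimeCompare` calls with `||`, so the password comparison is skipped whenever the username hash does not match, and response time can then differ between a wrong username and a wrong password. The difference is likely small, but evaluating both comparisons before branching removes it: `userOK := subtle.ConstantTimeCompare(givenUserBytes, requiredUserBytes)`, `passOK := subtle.ConstantTimeCompare(givenPasswordBytes, requiredPasswordBytes)`, `if userOK&passOK == 0 {`. Separately, the unchecked `.(string)` assertion on `ctx.Value(httptransport.ContextKeyRequestAuthorization)` at new line 71 panics if the context was never populated; the two-value form returning `AuthError{realm}` on `!ok` would fail closed instead. The inner closure of AuthMiddleware continues past the end of this hunk, so what follows the check is not visible here.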