Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
N
NGINX Authenticator
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Build
Pipelines
Jobs
Pipeline schedules
Artifacts
Monitor
Service Desk
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
ula
NGINX Authenticator
Commits
a13390aa
Commit
a13390aa
authored
3 months ago
by
ale
Browse files
Options
Downloads
Patches
Plain Diff
Support bearer tokens for authentication
parent
ee89b710
No related branches found
Branches containing commit
No related tags found
No related merge requests found
Pipeline
#81785
passed
3 months ago
Stage: build
Stage: release
Changes
1
Pipelines
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
auth.go
+34
-9
34 additions, 9 deletions
auth.go
with
34 additions
and
9 deletions
auth.go
+
34
−
9
View file @
a13390aa
package
main
import
(
"encoding/base64"
"encoding/json"
"errors"
"flag"
"log"
"net/http"
"os"
"strings"
"git.autistici.org/ai3/go-common/pwhash"
"github.com/coreos/go-systemd/v22/daemon"
)
var
(
passwordFile
=
flag
.
String
(
"passwords"
,
"/etc/nginx-authenticator/users.json"
,
"JSON file with usernames/passwords"
)
passwordFile
=
flag
.
String
(
"passwords"
,
"/etc/nginx-authenticator/users.json"
,
"JSON file with usernames/passwords"
)
enableBasicAuth
=
flag
.
Bool
(
"enable-basic-auth"
,
true
,
"enable Basic authentication"
)
enableBearerAuth
=
flag
.
Bool
(
"enable-bearer-token-auth"
,
true
,
"enable bearer token authentication"
)
passwords
=
make
(
map
[
string
]
string
)
tokens
=
make
(
map
[
string
]
string
)
)
func
authenticate
(
username
,
password
string
)
bool
{
...
...
@@ -29,22 +34,39 @@ func authenticate(username, password string) bool {
func
handleAuthenticate
(
w
http
.
ResponseWriter
,
req
*
http
.
Request
)
{
status
:=
http
.
StatusForbidden
if
username
,
password
,
ok
:=
req
.
BasicAuth
();
ok
{
if
authenticate
(
username
,
password
)
{
status
=
http
.
StatusOK
log
.
Printf
(
"auth(%s) -> ok"
,
username
)
}
else
{
log
.
Printf
(
"auth(%s) -> ERROR"
,
username
)
if
*
enableBasicAuth
{
if
username
,
password
,
ok
:=
req
.
BasicAuth
();
ok
{
if
authenticate
(
username
,
password
)
{
status
=
http
.
StatusOK
log
.
Printf
(
"auth(%s) -> ok"
,
username
)
}
else
{
log
.
Printf
(
"auth(%s) -> ERROR"
,
username
)
}
goto
done
}
}
if
*
enableBearerAuth
{
if
auth
:=
req
.
Header
.
Get
(
"Authorization"
);
strings
.
HasPrefix
(
auth
,
"Bearer "
)
{
key
,
_
:=
base64
.
StdEncoding
.
DecodeString
(
auth
)
if
username
,
ok
:=
tokens
[
string
(
key
)];
ok
{
status
=
http
.
StatusOK
log
.
Printf
(
"auth(%s) -> ok"
,
username
)
}
else
{
log
.
Printf
(
"auth() -> ERROR"
)
}
}
}
done
:
w
.
WriteHeader
(
status
)
}
func
loadUsers
(
path
string
)
error
{
var
users
[]
struct
{
Name
string
`json:"name"`
Password
string
`json:"password"`
Name
string
`json:"name"`
Password
string
`json:"password"`
Tokens
[]
string
`json:"api_tokens"`
}
data
,
err
:=
os
.
ReadFile
(
path
)
if
err
!=
nil
{
...
...
@@ -55,6 +77,9 @@ func loadUsers(path string) error {
}
for
_
,
u
:=
range
users
{
passwords
[
u
.
Name
]
=
u
.
Password
for
_
,
t
:=
range
u
.
Tokens
{
tokens
[
t
]
=
u
.
Name
}
}
return
nil
}
...
...
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment
