dashboard: Can restrict access through htpasswd

2022-06-06 10:48:06 +02:00 · 2022-06-06 10:48:06 +02:00 · 437ed4d393
commit 437ed4d393
parent 635e67c224
5 changed files with 89 additions and 2 deletions
--- a/dashboard/htpasswd.go
+++ b/dashboard/htpasswd.go
@ -0,0 +1,78 @@
+package main
+
+import (
+	"bufio"
+	"fmt"
+	"log"
+	"net/http"
+	"os"
+	"strings"
+
+	"github.com/gin-gonic/gin"
+	"gitlab.com/nyarla/go-crypt"
+)
+
+func Htpassword(file string) func(c *gin.Context) {
+	htpasswd := &Htpasswd{}
+
+	log.Println("Reading htpasswd file...")
+	var err error
+	if htpasswd, err = NewHtpasswd(file); htpasswd == nil {
+		log.Fatal("Unable to parse htpasswd:", err)
+	}
+
+	return func(c *gin.Context) {
+		username, password, ok := c.Request.BasicAuth()
+		if !ok {
+			c.Writer.Header().Add("WWW-Authenticate", "Basic realm=\"FIC challenge Dashboard\"")
+			c.AbortWithError(http.StatusUnauthorized, fmt.Errorf("Please login"))
+			return
+		}
+
+		if !htpasswd.Authenticate(username, password) {
+			c.Writer.Header().Add("WWW-Authenticate", "Basic realm=\"FIC challenge Dashboard\"")
+			c.AbortWithError(http.StatusUnauthorized, fmt.Errorf("Not authorized"))
+			return
+		}
+
+		c.Next()
+	}
+}
+
+type Htpasswd struct {
+	entries map[string]string
+}
+
+func NewHtpasswd(path string) (*Htpasswd, error) {
+	if fd, err := os.Open(path); err != nil {
+		return nil, err
+	} else {
+		defer fd.Close()
+
+		htpasswd := Htpasswd{
+			map[string]string{},
+		}
+
+		scanner := bufio.NewScanner(fd)
+		for scanner.Scan() {
+			line := strings.SplitN(strings.TrimSpace(scanner.Text()), ":", 2)
+			if len(line) == 2 && len(line[1]) > 2 {
+				htpasswd.entries[line[0]] = line[1]
+			}
+		}
+		if err := scanner.Err(); err != nil {
+			return nil, err
+		}
+		return &htpasswd, nil
+	}
+}
+
+func (h Htpasswd) Authenticate(username, password string) bool {
+	if hash, ok := h.entries[username]; !ok {
+		return false
+	} else if crypt.Crypt(password, hash[:2]) != hash {
+		return false
+	} else {
+		return true
+	}
+}