From fedca00d7829a9cf0c4b7f7234f657efdba62e1e Mon Sep 17 00:00:00 2001 From: EndlessParadox1 Date: Tue, 12 Mar 2024 18:42:51 +0800 Subject: [PATCH] Code refactor in `auth.go` --- auth.go | 26 ++++++++++++++++++-------- auth_test.go | 26 +++++++++++++++++++++++--- 2 files changed, 41 insertions(+), 11 deletions(-) diff --git a/auth.go b/auth.go index 2ed33ac0..d966f315 100644 --- a/auth.go +++ b/auth.go @@ -15,6 +15,8 @@ import ( // AuthUserKey is the cookie name for user credential in basic auth. const AuthUserKey = "user" + +// AuthProxyUserKey is the cookie name for proxy_user credential in basic auth for proxy. const AuthProxyUserKey = "proxy_user" // Accounts defines a key/value for user/pass list of authorized logins. @@ -39,11 +41,13 @@ func (a authPairs) searchCredential(authValue string) (string, bool) { return "", false } -// BasicAuthForRealm returns a Basic HTTP Authorization middleware. It takes as arguments a map[string]string where -// the key is the user name and the value is the password, as well as the name of the Realm. +// BasicAuthWithRealm returns a Basic HTTP Authorization middleware. It takes as arguments a map[string]string where +// the key is the username and the value is the password, as well as the name of the Realm. // If the realm is empty, "Authorization Required" will be used by default. -// (see http://tools.ietf.org/html/rfc2617#section-1.2) -func BasicAuthForRealm(accounts Accounts, realm string) HandlerFunc { +// In fact, 'realm' should contain at least the name of the host performing the authentication and might additionally +// indicate the collection of users who might have access. An example might be "registered_users@go.dev". +// (see http://tools.ietf.org/html/rfc2617#section-1.2 for more details) +func BasicAuthWithRealm(accounts Accounts, realm string) HandlerFunc { if realm == "" { realm = "Authorization Required" } @@ -66,9 +70,9 @@ func BasicAuthForRealm(accounts Accounts, realm string) HandlerFunc { } // BasicAuth returns a Basic HTTP Authorization middleware. It takes as argument a map[string]string where -// the key is the user name and the value is the password. +// the key is the username and the value is the password. func BasicAuth(accounts Accounts) HandlerFunc { - return BasicAuthForRealm(accounts, "") + return BasicAuthWithRealm(accounts, "") } func processAccounts(accounts Accounts) authPairs { @@ -91,8 +95,9 @@ func authorizationHeader(user, password string) string { return "Basic " + base64.StdEncoding.EncodeToString(bytesconv.StringToBytes(base)) } -// BasicAuthForProxy returns a Basic HTTP Proxy-Authorization middleware. -func BasicAuthForProxy(accounts Accounts, realm string) HandlerFunc { +// BasicAuthForProxyWithRealm returns a Basic HTTP Proxy-Authorization middleware. +// If the realm is empty, "Proxy Authorization Required" will be used by default. +func BasicAuthForProxyWithRealm(accounts Accounts, realm string) HandlerFunc { if realm == "" { realm = "Proxy Authorization Required" } @@ -111,3 +116,8 @@ func BasicAuthForProxy(accounts Accounts, realm string) HandlerFunc { c.Set(AuthProxyUserKey, proxyUser) } } + +// BasicAuthForProxy returns a Basic HTTP Proxy-Authorization middleware. +func BasicAuthForProxy(accounts Accounts) HandlerFunc { + return BasicAuthForProxyWithRealm(accounts, "") +} diff --git a/auth_test.go b/auth_test.go index f7175929..1ee59cea 100644 --- a/auth_test.go +++ b/auth_test.go @@ -122,7 +122,7 @@ func TestBasicAuth401WithCustomRealm(t *testing.T) { called := false accounts := Accounts{"foo": "bar"} router := New() - router.Use(BasicAuthForRealm(accounts, "My Custom \"Realm\"")) + router.Use(BasicAuthWithRealm(accounts, "My Custom \"Realm\"")) router.GET("/login", func(c *Context) { called = true c.String(http.StatusOK, c.MustGet(AuthUserKey).(string)) @@ -141,7 +141,7 @@ func TestBasicAuth401WithCustomRealm(t *testing.T) { func TestBasicAuthForProxySucceed(t *testing.T) { accounts := Accounts{"admin": "password"} router := New() - router.Use(BasicAuthForProxy(accounts, "")) + router.Use(BasicAuthForProxy(accounts)) router.Any("/*proxyPath", func(c *Context) { c.String(http.StatusOK, c.MustGet(AuthProxyUserKey).(string)) }) @@ -159,7 +159,7 @@ func TestBasicAuthForProxy407(t *testing.T) { called := false accounts := Accounts{"foo": "bar"} router := New() - router.Use(BasicAuthForProxy(accounts, "")) + router.Use(BasicAuthForProxy(accounts)) router.Any("/*proxyPath", func(c *Context) { called = true c.String(http.StatusOK, c.MustGet(AuthProxyUserKey).(string)) @@ -174,3 +174,23 @@ func TestBasicAuthForProxy407(t *testing.T) { assert.Equal(t, http.StatusProxyAuthRequired, w.Code) assert.Equal(t, "Basic realm=\"Proxy Authorization Required\"", w.Header().Get("Proxy-Authenticate")) } + +func TestBasicAuthForProxy407WithCustomRealm(t *testing.T) { + called := false + accounts := Accounts{"foo": "bar"} + router := New() + router.Use(BasicAuthForProxyWithRealm(accounts, "My Custom \"Realm\"")) + router.Any("/*proxyPath", func(c *Context) { + called = true + c.String(http.StatusOK, c.MustGet(AuthUserKey).(string)) + }) + + w := httptest.NewRecorder() + req, _ := http.NewRequest("GET", "/test", nil) + req.Header.Set("Proxy-Authorization", "Basic "+base64.StdEncoding.EncodeToString([]byte("admin:password"))) + router.ServeHTTP(w, req) + + assert.False(t, called) + assert.Equal(t, http.StatusProxyAuthRequired, w.Code) + assert.Equal(t, "Basic realm=\"My Custom \\\"Realm\\\"\"", w.Header().Get("Proxy-Authenticate")) +}