Code refactor in auth.go

2025-10-16 05:16:35 +08:00 · 2024-03-12 18:42:51 +08:00 · 2024-03-12 18:42:51 +08:00 · fedca00d78
commit fedca00d78
parent 990c44aebf
2 changed files with 41 additions and 11 deletions
--- a/auth.go
+++ b/auth.go
@ -15,6 +15,8 @@ import (

 // AuthUserKey is the cookie name for user credential in basic auth.
 const AuthUserKey = "user"
+
+// AuthProxyUserKey is the cookie name for proxy_user credential in basic auth for proxy.
 const AuthProxyUserKey = "proxy_user"

 // Accounts defines a key/value for user/pass list of authorized logins.
@ -39,11 +41,13 @@ func (a authPairs) searchCredential(authValue string) (string, bool) {
 	return "", false
 }

-// BasicAuthForRealm returns a Basic HTTP Authorization middleware. It takes as arguments a map[string]string where
+// BasicAuthWithRealm returns a Basic HTTP Authorization middleware. It takes as arguments a map[string]string where
 // the key is the username and the value is the password, as well as the name of the Realm.
 // If the realm is empty, "Authorization Required" will be used by default.
-// (see http://tools.ietf.org/html/rfc2617#section-1.2)
-func BasicAuthForRealm(accounts Accounts, realm string) HandlerFunc {
+// In fact, 'realm' should contain at least the name of the host performing the authentication and might additionally
+// indicate the collection of users who might have access. An example might be "registered_users@go.dev".
+// (see http://tools.ietf.org/html/rfc2617#section-1.2 for more details)
+func BasicAuthWithRealm(accounts Accounts, realm string) HandlerFunc {
 	if realm == "" {
 		realm = "Authorization Required"
 	}
@ -68,7 +72,7 @@ func BasicAuthForRealm(accounts Accounts, realm string) HandlerFunc {
 // BasicAuth returns a Basic HTTP Authorization middleware. It takes as argument a map[string]string where
 // the key is the username and the value is the password.
 func BasicAuth(accounts Accounts) HandlerFunc {
-	return BasicAuthForRealm(accounts, "")
+	return BasicAuthWithRealm(accounts, "")
 }

 func processAccounts(accounts Accounts) authPairs {
@ -91,8 +95,9 @@ func authorizationHeader(user, password string) string {
 	return "Basic " + base64.StdEncoding.EncodeToString(bytesconv.StringToBytes(base))
 }

-// BasicAuthForProxy returns a Basic HTTP Proxy-Authorization middleware.
-func BasicAuthForProxy(accounts Accounts, realm string) HandlerFunc {
+// BasicAuthForProxyWithRealm returns a Basic HTTP Proxy-Authorization middleware.
+// If the realm is empty, "Proxy Authorization Required" will be used by default.
+func BasicAuthForProxyWithRealm(accounts Accounts, realm string) HandlerFunc {
 	if realm == "" {
 		realm = "Proxy Authorization Required"
 	}
@ -111,3 +116,8 @@ func BasicAuthForProxy(accounts Accounts, realm string) HandlerFunc {
 		c.Set(AuthProxyUserKey, proxyUser)
 	}
 }
+
+// BasicAuthForProxy returns a Basic HTTP Proxy-Authorization middleware.
+func BasicAuthForProxy(accounts Accounts) HandlerFunc {
+	return BasicAuthForProxyWithRealm(accounts, "")
+}
--- a/auth_test.go
+++ b/auth_test.go
@ -122,7 +122,7 @@ func TestBasicAuth401WithCustomRealm(t *testing.T) {
 	called := false
 	accounts := Accounts{"foo": "bar"}
 	router := New()
-	router.Use(BasicAuthForRealm(accounts, "My Custom \"Realm\""))
+	router.Use(BasicAuthWithRealm(accounts, "My Custom \"Realm\""))
 	router.GET("/login", func(c *Context) {
 		called = true
 		c.String(http.StatusOK, c.MustGet(AuthUserKey).(string))
@ -141,7 +141,7 @@ func TestBasicAuth401WithCustomRealm(t *testing.T) {
 func TestBasicAuthForProxySucceed(t *testing.T) {
 	accounts := Accounts{"admin": "password"}
 	router := New()
-	router.Use(BasicAuthForProxy(accounts, ""))
+	router.Use(BasicAuthForProxy(accounts))
 	router.Any("/*proxyPath", func(c *Context) {
 		c.String(http.StatusOK, c.MustGet(AuthProxyUserKey).(string))
 	})
@ -159,7 +159,7 @@ func TestBasicAuthForProxy407(t *testing.T) {
 	called := false
 	accounts := Accounts{"foo": "bar"}
 	router := New()
-	router.Use(BasicAuthForProxy(accounts, ""))
+	router.Use(BasicAuthForProxy(accounts))
 	router.Any("/*proxyPath", func(c *Context) {
 		called = true
 		c.String(http.StatusOK, c.MustGet(AuthProxyUserKey).(string))
@ -174,3 +174,23 @@ func TestBasicAuthForProxy407(t *testing.T) {
 	assert.Equal(t, http.StatusProxyAuthRequired, w.Code)
 	assert.Equal(t, "Basic realm=\"Proxy Authorization Required\"", w.Header().Get("Proxy-Authenticate"))
 }
+
+func TestBasicAuthForProxy407WithCustomRealm(t *testing.T) {
+	called := false
+	accounts := Accounts{"foo": "bar"}
+	router := New()
+	router.Use(BasicAuthForProxyWithRealm(accounts, "My Custom \"Realm\""))
+	router.Any("/*proxyPath", func(c *Context) {
+		called = true
+		c.String(http.StatusOK, c.MustGet(AuthUserKey).(string))
+	})
+
+	w := httptest.NewRecorder()
+	req, _ := http.NewRequest("GET", "/test", nil)
+	req.Header.Set("Proxy-Authorization", "Basic "+base64.StdEncoding.EncodeToString([]byte("admin:password")))
+	router.ServeHTTP(w, req)
+
+	assert.False(t, called)
+	assert.Equal(t, http.StatusProxyAuthRequired, w.Code)
+	assert.Equal(t, "Basic realm=\"My Custom \\\"Realm\\\"\"", w.Header().Get("Proxy-Authenticate"))
+}