v0.10.2 Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: May 2, 2017 License: Apache-2.0 Imports: 14 Imported by: 0



Package basicauth implements HTTP Basic Authentication for Caddy.

This is useful for simple protections on a website, like requiring a password to access an admin interface. This package assumes a fairly small threat model.



This section is empty.


This section is empty.


This section is empty.


type BasicAuth

type BasicAuth struct {
	Next     httpserver.Handler
	SiteRoot string
	Rules    []Rule

BasicAuth is middleware to protect resources with a username and password. Note that HTTP Basic Authentication is not secure by itself and should not be used to protect important assets without HTTPS. Even then, the security of HTTP Basic Auth is disputed. Use discretion when deciding what to protect with BasicAuth.

func (BasicAuth) ServeHTTP

func (a BasicAuth) ServeHTTP(w http.ResponseWriter, r *http.Request) (int, error)

ServeHTTP implements the httpserver.Handler interface.

type PasswordMatcher

type PasswordMatcher func(pw string) bool

PasswordMatcher determines whether a password matches a rule.

func GetHtpasswdMatcher

func GetHtpasswdMatcher(filename, username, siteRoot string) (PasswordMatcher, error)

GetHtpasswdMatcher matches password rules.

func PlainMatcher

func PlainMatcher(passw string) PasswordMatcher

PlainMatcher returns a PasswordMatcher that does a constant-time byte comparison against the password passw.

type Rule

type Rule struct {
	Username  string
	Password  func(string) bool
	Resources []string
	Realm     string // See RFC 1945 and RFC 2617, default: "Restricted"

Rule represents a BasicAuth rule. A username and password combination protect the associated resources, which are file or directory paths.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL