README
¶
goji/httpauth 
httpauth currently provides HTTP Basic Authentication middleware for Go.
Note that httpauth is completely compatible with Goji, a minimal web framework for Go, but as it satisfies http.Handler it can be used beyond Goji itself.
Example
httpauth provides a SimpleBasicAuth function to get you up and running. Particularly ideal for development servers.
Note that HTTP Basic Authentication credentials are sent over the wire "in the clear" (read: plaintext!) and therefore should not be considered a robust way to secure a HTTP server. If you're after that, you'll need to use SSL/TLS ("HTTPS") at a minimum.
Goji
package main
import(
"net/http"
"github.com/zenazn/goji/web"
"github.com/zenazn/goji/web/middleware"
)
func main() {
goji.Use(httpauth.SimpleBasicAuth("dave", "somepassword"))
goji.Use(SomeOtherMiddleware)
// myHandler requires HTTP Basic Auth
goji.Get("/thing", myHandler)
goji.Serve()
}
If you're looking for a little more control over the process, you can instead pass a httpauth.AuthOptions struct to httpauth.BasicAuth instead. This allows you to:
- Configure the authentication realm
- Provide your own UnauthorizedHandler (anything that satisfies
http.Handler) so you can return a better looking 401 page.
func main() {
authOpts := httpauth.AuthOptions{
Realm: "DevCo",
User: "dave",
Password: "plaintext!",
UnauthorizedHandler: myUnauthorizedHandler,
}
goji.Use(BasicAuth(authOpts))
goji.Use(SomeOtherMiddleware)
goji.Get("/thing", myHandler)
goji.Serve()
}
gorilla/mux
Since it's all http.Handler, httpauth works with gorilla/mux (and most other routers) as well:
package main
import (
"net/http"
"github.com/goji/httpauth"
"github.com/gorilla/mux"
)
func main() {
r := mux.NewRouter()
r.HandleFunc("/", myHandler)
http.Handle("/", httpauth.SimpleBasicAuth("dave", "somepassword")(r))
http.ListenAndServe(":7000", nil)
}
func myHandler(w http.ResponseWriter, r *http.Request) {
w.Write([]byte("hello"))
}
net/http
If you're using vanilla net/http:
package main
import(
"net/http"
"github.com/goji/httpauth"
)
func main() {
http.Handle("/", httpauth.SimpleBasicAuth("dave", "somepassword")(http.HandlerFunc(hello)))
http.ListenAndServe(":7000", nil)
}
Contributing
Send a pull request! Note that features on the (informal) roadmap include HTTP Digest Auth and the potential for supplying your own user/password comparison function.
Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func BasicAuth ¶
func BasicAuth(o AuthOptions) func(http.Handler) http.Handler
BasicAuth provides HTTP middleware for protecting URIs with HTTP Basic Authentication as per RFC 2617. The server authenticates a user:password combination provided in the "Authorization" HTTP header.
Example:
package main
import(
"net/http"
"github.com/zenazn/goji"
"github.com/zenazn/goji/web/httpauth"
)
func main() {
basicOpts := httpauth.AuthOptions{
Realm: "Restricted",
User: "Dave",
Password: "ClearText",
}
goji.Use(httpauth.BasicAuth(basicOpts), SomeOtherMiddleware)
goji.Get("/thing", myHandler)
}
Note: HTTP Basic Authentication credentials are sent in plain text, and therefore it does not make for a wholly secure authentication mechanism. You should serve your content over HTTPS to mitigate this, noting that "Basic Authentication" is meant to be just that: basic!
func SimpleBasicAuth ¶
SimpleBasicAuth is a convenience wrapper around BasicAuth. It takes a user and password, and returns a pre-configured BasicAuth handler using the "Restricted" realm and a default 401 handler.
Example:
package main
import(
"net/http"
"github.com/zenazn/goji/web/httpauth"
)
func main() {
goji.Use(httpauth.SimpleBasicAuth("dave", "somepassword"), SomeOtherMiddleware)
goji.Get("/thing", myHandler)
}
Types ¶
type AuthOptions ¶
AuthOptions stores the configuration for HTTP Basic Authentication.
A http.Handler may also be passed to UnauthorizedHandler to override the default error handler if you wish to serve a custom template/response.
Source Files