mirror of
https://github.com/restic/rest-server.git
synced 2025-10-19 07:33:21 +00:00
enabled htpasswd authentication
This commit is contained in:
Chapuis Bertil
parent
60fe10382a
commit
3a9283a115
2 changed files with 34 additions and 9 deletions
15
handlers.go
15
handlers.go
|
|
@ -14,6 +14,21 @@ type Context struct {
|
|||
path string
|
||||
}
|
||||
|
||||
func AuthHandler(f *HtpasswdFile, h http.Handler) http.HandlerFunc {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
username, password, ok := r.BasicAuth()
|
||||
if !ok {
|
||||
http.Error(w, "401 unauthorized", 401)
|
||||
return
|
||||
}
|
||||
if !f.Validate(username, password) {
|
||||
http.Error(w, "401 unauthorized", 401)
|
||||
return
|
||||
}
|
||||
h.ServeHTTP(w, r)
|
||||
}
|
||||
}
|
||||
|
||||
func CheckConfig(c *Context) http.HandlerFunc {
|
||||
return func(w http.ResponseWriter, r *http.Request) {
|
||||
config := filepath.Join(c.path, "config")
|
||||
|
|
|
|||
28
server.go
28
server.go
|
|
@ -19,7 +19,7 @@ func main() {
|
|||
var tls = flag.Bool("tls", false, "turns on tls support")
|
||||
flag.Parse()
|
||||
|
||||
// Create all the necessary subdirectories
|
||||
// Create the missing directories
|
||||
dirs := []string{
|
||||
"data",
|
||||
"snapshots",
|
||||
|
|
@ -27,13 +27,12 @@ func main() {
|
|||
"locks",
|
||||
"keys",
|
||||
}
|
||||
|
||||
for _, d := range dirs {
|
||||
os.MkdirAll(filepath.Join(*path, d), backend.Modes.Dir)
|
||||
os.MkdirAll(filepath.Join(*path, d), 0600)
|
||||
}
|
||||
|
||||
// Define the routes
|
||||
context := &Context{*path}
|
||||
|
||||
router := NewRouter()
|
||||
router.HeadFunc("/config", CheckConfig(context))
|
||||
router.GetFunc("/config", GetConfig(context))
|
||||
|
|
@ -44,17 +43,28 @@ func main() {
|
|||
router.PostFunc("/:type/:name", SaveBlob(context))
|
||||
router.DeleteFunc("/:type/:name", DeleteBlob(context))
|
||||
|
||||
// Check for a password file
|
||||
var handler http.Handler
|
||||
htpasswdFile, err := NewHtpasswdFromFile(filepath.Join(*path, ".htpasswd"))
|
||||
if err != nil {
|
||||
log.Println("Authentication disabled")
|
||||
handler = router
|
||||
} else {
|
||||
log.Println("Authentication enabled")
|
||||
handler = AuthHandler(htpasswdFile, router)
|
||||
}
|
||||
|
||||
// start the server
|
||||
if !*tls {
|
||||
log.Printf("start server on port %s", HTTP)
|
||||
http.ListenAndServe(HTTP, router)
|
||||
log.Printf("start server on port %s\n", HTTP)
|
||||
http.ListenAndServe(HTTP, handler)
|
||||
} else {
|
||||
log.Printf("start server on port %s", HTTPS)
|
||||
privateKey := filepath.Join(*path, "private_key")
|
||||
publicKey := filepath.Join(*path, "public_key")
|
||||
|
||||
log.Println("TLS enabled")
|
||||
log.Printf("private key: %s", privateKey)
|
||||
log.Printf("public key: %s", publicKey)
|
||||
http.ListenAndServeTLS(HTTPS, publicKey, privateKey, router)
|
||||
log.Printf("start server on port %s\n", HTTPS)
|
||||
http.ListenAndServeTLS(HTTPS, publicKey, privateKey, handler)
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue