From 60fe10382a5eb4164dfdfeeeb4f65b2f4103c281 Mon Sep 17 00:00:00 2001
From: Chapuis Bertil
Date: Sat, 19 Sep 2015 14:28:43 +0200
Subject: [PATCH] added htpasswd
---
htpasswd.go | 84 +++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 84 insertions(+)
create mode 100644 htpasswd.go
diff --git a/htpasswd.go b/htpasswd.go
new file mode 100644
index 0000000..d72a83c
--- /dev/null
+++ b/htpasswd.go
@@ -0,0 +1,84 @@
+package main
+
+/*
+Copied from: github.com/bitly/oauth2_proxy
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+*/
+
+import (
+ "crypto/sha1"
+ "encoding/base64"
+ "encoding/csv"
+ "io"
+ "log"
+ "os"
+)
+
+// lookup passwords in a htpasswd file
+// The entries must have been created with -s for SHA encryption
+
+type HtpasswdFile struct {
+ Users map[string]string
+}
+
+func NewHtpasswdFromFile(path string) (*HtpasswdFile, error) {
+ r, err := os.Open(path)
+ if err != nil {
+ return nil, err
+ }
+ defer r.Close()
+ return NewHtpasswd(r)
+}
+
+func NewHtpasswd(file io.Reader) (*HtpasswdFile, error) {
+ csv_reader := csv.NewReader(file)
+ csv_reader.Comma = ':'
+ csv_reader.Comment = '#'
+ csv_reader.TrimLeadingSpace = true
+
+ records, err := csv_reader.ReadAll()
+ if err != nil {
+ return nil, err
+ }
+ h := &HtpasswdFile{Users: make(map[string]string)}
+ for _, record := range records {
+ h.Users[record[0]] = record[1]
+ }
+ return h, nil
+}
+
+func (h *HtpasswdFile) Validate(user string, password string) bool {
+ realPassword, exists := h.Users[user]
+ if !exists {
+ return false
+ }
+ if realPassword[:5] == "{SHA}" {
+ d := sha1.New()
+ d.Write([]byte(password))
+ if realPassword[5:] == base64.StdEncoding.EncodeToString(d.Sum(nil)) {
+ return true
+ }
+ } else {
+ log.Printf("Invalid htpasswd entry for %s. Must be a SHA entry.", user)
+ }
+ return false
+}
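Review bot: `Validate` slices `realPassword[:5]` without a length check, so an htpasswd entry whose hash field is shorter than five bytes (for example an empty field after the colon) panics when that user tries to log in instead of being rejected; `if strings.HasPrefix(realPassword, "{SHA}") {` avoids the out-of-range slice. The digest is then compared with `==`, which is not constant-time; for a credential check the usual form is `subtle.ConstantTimeCompare([]byte(realPassword[5:]), []byte(expected)) == 1` from `crypto/subtle`. In `NewHtpasswd`, `record[1]` has the same indexing problem when the file's first line has no `:` separator, because `csv.Reader` with its default `FieldsPerRecord` takes the field count from the first record; a `len(record) < 2` check before the assignment would reject such lines with an error. The header comment should also state that only unsalted `{SHA}` (SHA-1) entries are accepted and that this format is weak for stored passwords, so operators know what they are opting into.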