mirror of
https://github.com/restic/rest-server.git
synced 2025-10-19 07:33:21 +00:00
added htpasswd
This commit is contained in:
Chapuis Bertil
parent
7972b1330b
commit
60fe10382a
1 changed files with 84 additions and 0 deletions
84
htpasswd.go
Normal file
84
htpasswd.go
Normal file
|
|
@ -0,0 +1,84 @@
|
||||||
|
package main
|
||||||
|
|
||||||
|
/*
|
||||||
|
Copied from: github.com/bitly/oauth2_proxy
|
||||||
|
|
||||||
|
MIT License
|
||||||
|
|
||||||
|
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||||
|
of this software and associated documentation files (the "Software"), to deal
|
||||||
|
in the Software without restriction, including without limitation the rights
|
||||||
|
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||||
|
copies of the Software, and to permit persons to whom the Software is
|
||||||
|
furnished to do so, subject to the following conditions:
|
||||||
|
|
||||||
|
The above copyright notice and this permission notice shall be included in
|
||||||
|
all copies or substantial portions of the Software.
|
||||||
|
|
||||||
|
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||||
|
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||||
|
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||||
|
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||||
|
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||||
|
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
||||||
|
THE SOFTWARE.
|
||||||
|
*/
|
||||||
|
|
||||||
|
import (
|
||||||
|
"crypto/sha1"
|
||||||
|
"encoding/base64"
|
||||||
|
"encoding/csv"
|
||||||
|
"io"
|
||||||
|
"log"
|
||||||
|
"os"
|
||||||
|
)
|
||||||
|
|
||||||
|
// lookup passwords in a htpasswd file
|
||||||
|
// The entries must have been created with -s for SHA encryption
|
||||||
|
|
||||||
|
type HtpasswdFile struct {
|
||||||
|
Users map[string]string
|
||||||
|
}
|
||||||
|
|
||||||
|
func NewHtpasswdFromFile(path string) (*HtpasswdFile, error) {
|
||||||
|
r, err := os.Open(path)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
defer r.Close()
|
||||||
|
return NewHtpasswd(r)
|
||||||
|
}
|
||||||
|
|
||||||
|
func NewHtpasswd(file io.Reader) (*HtpasswdFile, error) {
|
||||||
|
csv_reader := csv.NewReader(file)
|
||||||
|
csv_reader.Comma = ':'
|
||||||
|
csv_reader.Comment = '#'
|
||||||
|
csv_reader.TrimLeadingSpace = true
|
||||||
|
|
||||||
|
records, err := csv_reader.ReadAll()
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
h := &HtpasswdFile{Users: make(map[string]string)}
|
||||||
|
for _, record := range records {
|
||||||
|
h.Users[record[0]] = record[1]
|
||||||
|
}
|
||||||
|
return h, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (h *HtpasswdFile) Validate(user string, password string) bool {
|
||||||
|
realPassword, exists := h.Users[user]
|
||||||
|
if !exists {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
if realPassword[:5] == "{SHA}" {
|
||||||
|
d := sha1.New()
|
||||||
|
d.Write([]byte(password))
|
||||||
|
if realPassword[5:] == base64.StdEncoding.EncodeToString(d.Sum(nil)) {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
log.Printf("Invalid htpasswd entry for %s. Must be a SHA entry.", user)
|
||||||
|
}
|
||||||
|
return false
|
||||||
|
}
|
||||||
Loading…
Add table
Add a link
Reference in a new issue