stackoom
  简体   繁体   中英

Basic Authentication for static resources

 原文  2018-09-28 04:41:30       http/ authentication/ go/ basic-authentication/ gorilla

Question

How can I add basic authentication to my static resources? With the code below, I'm able to view any files that are in the labels folder. I know in this question it was explained how to do it. But how would would I set the header when a http.ResponseWriter is not used? 

package main

import (
    "github.com/gorilla/mux"
    "log"
    "net/http"
    "os"
)

func main() {
    port := GetPort()
    log.Println("[-] Listening on...", port)

    r := mux.NewRouter()
    r.PathPrefix("/labels/").Handler(http.StripPrefix("/labels/", http.FileServer(http.Dir("./labels/"))))

    err := http.ListenAndServe(port, r)
    log.Fatal(err)
}

// GetPort is for herkou deployment
func GetPort() string {
    port := os.Getenv("PORT")
    if port == "" {
        port = "4747"
        log.Println("[-] No PORT environment variable detected. Setting to ", port)
    }
    return ":" + port
}

2 answers

solution1
 2  2018-09-28 04:51:33

Create a wrapper around each handler to pass the request from the authentication middleware which will forward the request further after authentication is done else return the response with error as 

func authentication(next http.Handler) http.Handler {
  return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
    log.Println("Executing authentication")
    next.ServeHTTP(w, r)
  })
}

// open the dialog to download pdf files.
func dowloadPdf(w http.ResponseWriter, r *http.Request) {
    w.Header().Set("Content-Disposition", "attachment; filename=YOUR_FILE")
    w.Header().Set("Content-Type", r.Header.Get("Content-Type"))
    w.Write([]byte("File downloaded"))
}

func main(){
     pdfHandler := http.HandlerFunc(dowloadPdf)
     http.Handle("/servepdf", authentication(pdfHandler))
     http.ListenAndServe(":3000", nil)
}

But if I consider the fact there is no need to have authentication when serving static files like html, css, js etc. It would be better to create a handler to serve pdf files after authenticating users.

You can also use negorni middlewares with gorilla mux rather than creating custom middlewares.

solution2
 0  2018-09-28 07:09:09

package main

import (
    "github.com/gorilla/mux"
    "log"
    "net/http"
    "os"
)

func main() {
    port := GetPort()
    log.Println("[-] Listening on...", port)

    r := mux.NewRouter()
    r.PathPrefix("/labels/").Handler(http.StripPrefix("/labels/", ServeLabels(http.FileServer(http.Dir("./labels/")))))

    err := http.ListenAndServe(port, r)
    log.Fatal(err)
}

func ServeLabels(h http.Handler) http.Handler {
    return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
        w.Header().Set("WWW-Authenticate", `Basic realm="mydomain"`)
        h.ServeHTTP(w, r)
    })
}

// GetPort is for herkou deployment
func GetPort() string {
    port := os.Getenv("PORT")
    if port == "" {
        port = "4747"
        log.Println("[-] No PORT environment variable detected. Setting to ", port)
    }
    return ":" + port
}

something like this, or you could just go ahead and use the gorilla mux middleware.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Is basic access authentication secure? What is the “realm” in basic authentication nested HTTP basic Authentication? Basic Authentication with Flash HTTP Basic Authentication on Gowalla? python basic authentication check HTTP Basic Authentication in AngularJS Basic authentication swift 4 Basic authentication using AFNetworking Apache http basic authentication?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM