-
Notifications
You must be signed in to change notification settings - Fork 17
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
This expands the functionality in httputil. It adds simple handlers for BasicAuth and redirecting to https This adds several autocert related mechanisms to `httputil`
- Loading branch information
1 parent
c155a91
commit 64fb9bd
Showing
6 changed files
with
126 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,57 @@ | ||
package httputil | ||
|
||
import ( | ||
"net/http" | ||
"time" | ||
|
||
"github.com/pkg/errors" | ||
"golang.org/x/crypto/acme" | ||
"golang.org/x/crypto/acme/autocert" | ||
) | ||
|
||
type AcmOpt func(*autocert.Manager) error | ||
|
||
func WithLetsEncryptStaging() AcmOpt { | ||
return func(m *autocert.Manager) error { | ||
m.Client.DirectoryURL = "https://acme-staging.api.letsencrypt.org/directory" | ||
return nil | ||
} | ||
} | ||
|
||
func WithEmail(e string) AcmOpt { | ||
return func(m *autocert.Manager) error { | ||
m.Email = e | ||
return nil | ||
} | ||
} | ||
|
||
func WithRenewBefore(t time.Duration) AcmOpt { | ||
return func(m *autocert.Manager) error { | ||
m.RenewBefore = t | ||
return nil | ||
} | ||
} | ||
|
||
func WithHttpClient(c *http.Client) AcmOpt { | ||
return func(m *autocert.Manager) error { | ||
m.Client.HTTPClient = c | ||
return nil | ||
} | ||
} | ||
|
||
func NewAutocertManager(cache autocert.Cache, allowedHosts []string, opts ...AcmOpt) (*autocert.Manager, error) { | ||
m := &autocert.Manager{ | ||
Prompt: autocert.AcceptTOS, | ||
HostPolicy: autocert.HostWhitelist(allowedHosts...), | ||
Cache: cache, | ||
Client: &acme.Client{}, | ||
} | ||
|
||
for _, opt := range opts { | ||
if err := opt(m); err != nil { | ||
return nil, errors.Wrap(err, "applying option to autocert manager") | ||
} | ||
} | ||
|
||
return m, nil | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
package httputil | ||
|
||
import ( | ||
"crypto/subtle" | ||
"net/http" | ||
) | ||
|
||
// BasicAuthMiddleware is http middleware to authenticate based on a | ||
// predefined map of usernames and passwords. | ||
func BasicAuthMiddleware(basicauthPairs map[string][]byte, next http.Handler) http.Handler { | ||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { | ||
username, password, ok := r.BasicAuth() | ||
if !ok || username == "" { | ||
http.Error(w, "Unauthorized", http.StatusUnauthorized) | ||
return | ||
} | ||
|
||
// username and password must match | ||
expectedPassword, ok := basicauthPairs[username] | ||
if !ok || subtle.ConstantTimeCompare([]byte(password), expectedPassword) != 1 { | ||
http.Error(w, "Unauthorized", http.StatusUnauthorized) | ||
return | ||
} | ||
|
||
// handoff to the next handler | ||
next.ServeHTTP(w, r) | ||
}) | ||
} | ||
|
||
// RedirectToSecureHandler is a simple handler to redirect to the secure URL. | ||
func RedirectToSecureHandler() http.Handler { | ||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { | ||
w.Header().Set("Connection", "close") | ||
url := r.URL | ||
url.Scheme = "https" | ||
url.Host = r.Host | ||
http.Redirect(w, r, url.String(), http.StatusMovedPermanently) | ||
}) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters