Enable basic auth on gateway

Fixes https://github.com/openfaas/faas/issues/687 allowing the gateway to handle the responsibility of basic auth for when it is in use. To enable set basic_auth env-var to true and then mount two secrets or plaintext files under /var/secrets/ basic_auth_user, basic_auth_password Tested with faas-cli list/deploy and with Safari browser. Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
2025-06-19 04:26:35 +00:00 · 2018-05-21 22:05:39 +01:00
parent 8008a51b0b
commit a38931ce69
5 changed files with 167 additions and 3 deletions
--- a/gateway/handlers/basic_auth.go
+++ b/gateway/handlers/basic_auth.go
@ -0,0 +1,29 @@
+package handlers
+
+import (
+	"net/http"
+)
+
+// DecorateWithBasicAuth enforces basic auth as a middleware with given credentials
+func DecorateWithBasicAuth(next http.HandlerFunc, credentials *BasicAuthCredentials) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+
+		user, password, ok := r.BasicAuth()
+		w.Header().Set("WWW-Authenticate", `Basic realm="Restricted"`)
+
+		if !ok || !(credentials.Password == password && user == credentials.User) {
+
+			w.WriteHeader(http.StatusUnauthorized)
+			w.Write([]byte("invalid credentials"))
+			return
+		}
+
+		next.ServeHTTP(w, r)
+	}
+}
+
+// BasicAuthCredentials for credentials
+type BasicAuthCredentials struct {
+	User     string
+	Password string
+}