mirror of
https://github.com/openfaas/faas.git
synced 2025-06-15 19:56:47 +00:00
a38931ce69
Fixes https://github.com/openfaas/faas/issues/687 allowing the gateway to handle the responsibility of basic auth for when it is in use. To enable set basic_auth env-var to true and then mount two secrets or plaintext files under /var/secrets/ basic_auth_user, basic_auth_password Tested with faas-cli list/deploy and with Safari browser. Signed-off-by: Alex Ellis (VMware) <alexellis2@gmail.com>
30 lines
708 B
Go
30 lines
708 B
Go
package handlers
|
|
|
|
import (
|
|
"net/http"
|
|
)
|
|
|
|
// DecorateWithBasicAuth enforces basic auth as a middleware with given credentials
|
|
func DecorateWithBasicAuth(next http.HandlerFunc, credentials *BasicAuthCredentials) http.HandlerFunc {
|
|
return func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
user, password, ok := r.BasicAuth()
|
|
w.Header().Set("WWW-Authenticate", `Basic realm="Restricted"`)
|
|
|
|
if !ok || !(credentials.Password == password && user == credentials.User) {
|
|
|
|
w.WriteHeader(http.StatusUnauthorized)
|
|
w.Write([]byte("invalid credentials"))
|
|
return
|
|
}
|
|
|
|
next.ServeHTTP(w, r)
|
|
}
|
|
}
|
|
|
|
// BasicAuthCredentials for credentials
|
|
type BasicAuthCredentials struct {
|
|
User string
|
|
Password string
|
|
}
|