feat: add http Basic Auth options

Author: marjune163

README.md

@@ -78,6 +78,15 @@ server [options]
 --cors-dir <fs-path> ...
     Allow CORS requests for specific file system path.
 
+--global-auth
+    Use Basic Auth for all url path.
+--auth <url-path> ...
+    Use Basic Auth for specific url path.
+--auth-dir <fs-path> ...
+    Use Basic Auth for specific file system path.
+--user [<username>]:[<password>] ...
+    Specify users for Basic Auth, empty username and/or password is allowed.
+
 -c|--cert <file>
     Specify TLS certificate file.
 

src/param/cli.go

@@ -3,6 +3,7 @@ package param
 import (
 	"../goNixArgParser"
 	"../serverErrHandler"
+	"errors"
 	"io/ioutil"
 	"os"
 	"strings"
@@ -50,6 +51,18 @@ func init() {
 	err = options.AddFlagValues("corsdirs", "--cors-dir", "", nil, "file system path that enable CORS headers")
 	serverErrHandler.CheckFatal(err)
 
+	err = options.AddFlag("globalauth", "--global-auth", "GHFS_GLOBAL_AUTH", "require Basic Auth for all directories")
+	serverErrHandler.CheckFatal(err)
+
+	err = options.AddFlagValues("authurls", "--auth", "", nil, "url path that require Basic Auth")
+	serverErrHandler.CheckFatal(err)
+
+	err = options.AddFlagValues("authdirs", "--auth-dir", "", nil, "file system path that require Basic Auth")
+	serverErrHandler.CheckFatal(err)
+
+	err = options.AddFlagValues("users", "--user", "", nil, "user info: <username>:<password>")
+	serverErrHandler.CheckFatal(err)
+
 	err = options.AddFlagsValue("key", []string{"-k", "--key"}, "GHFS_KEY", "", "TLS certificate key path")
 	serverErrHandler.CheckFatal(err)
 
@@ -152,6 +165,7 @@ func doParseCli() []*Param {
 		param.GlobalUpload = result.HasKey("globalupload")
 		param.GlobalArchive = result.HasKey("globalarchive")
 		param.GlobalCors = result.HasKey("globalcors")
+		param.GlobalAuth = result.HasKey("globalauth")
 		param.Key, _ = result.GetString("key")
 		param.Cert, _ = result.GetString("cert")
 		param.Hostnames, _ = result.GetStrings("hostnames")
@@ -198,6 +212,34 @@ func doParseCli() []*Param {
 		arrCorsDirs, _ := result.GetStrings("corsdirs")
 		param.CorsDirs = normalizeFsPaths(arrCorsDirs)
 
+		// normalize auth urls
+		arrAuthUrls, _ := result.GetStrings("authurls")
+		param.AuthUrls = normalizeUrlPaths(arrAuthUrls)
+
+		// normalize auth dirs
+		arrAuthDirs, _ := result.GetStrings("authdirs")
+		param.AuthDirs = normalizeFsPaths(arrAuthDirs)
+
+		// normalize users
+		param.Users = map[string]string{}
+		arrUsers, _ := result.GetStrings("users")
+		for _, userEntry := range arrUsers {
+			username := userEntry
+			password := ""
+
+			colonIndex := strings.IndexByte(userEntry, ':')
+			if colonIndex >= 0 {
+				username = userEntry[:colonIndex]
+				password = userEntry[colonIndex+1:]
+			}
+
+			if _, ok := param.Users[username]; ok {
+				serverErrHandler.CheckError(errors.New("Duplicated username: " + username))
+			} else {
+				param.Users[username] = password
+			}
+		}
+
 		// shows
 		shows, err := getWildcardRegexp(result.GetStrings("shows"))
 		serverErrHandler.CheckFatal(err)

src/param/main.go

@@ -25,6 +25,11 @@ type Param struct {
 	CorsUrls   []string
 	CorsDirs   []string
 
+	GlobalAuth bool
+	AuthUrls   []string
+	AuthDirs   []string
+	Users      map[string]string
+
 	Key         string
 	Cert        string
 	Listen      []string

src/serveMux/main.go

@@ -6,6 +6,7 @@ import (
 	"../serverHandler"
 	"../serverLog"
 	"../tpl"
+	"../user"
 	"net/http"
 )
 
@@ -20,18 +21,23 @@ func NewServeMux(
 	logger *serverLog.Logger,
 	errorHandler *serverErrHandler.ErrHandler,
 ) *ServeMux {
+	users := user.NewUsers()
+	for username, password := range p.Users {
+		users.Add(username, password)
+	}
+
 	tplObj, err := tpl.LoadPage(p.Template)
 	errorHandler.LogError(err)
 
 	aliases := p.Aliases
 	handlers := map[string]http.Handler{}
 
 	if _, hasRootAlias := aliases["/"]; !hasRootAlias {
-		handlers["/"] = serverHandler.NewHandler(p.Root, "/", p, tplObj, logger, errorHandler)
+		handlers["/"] = serverHandler.NewHandler(p.Root, "/", p, users, tplObj, logger, errorHandler)
 	}
 
 	for urlPath, fsPath := range p.Aliases {
-		handlers[urlPath] = serverHandler.NewHandler(fsPath, urlPath, p, tplObj, logger, errorHandler)
+		handlers[urlPath] = serverHandler.NewHandler(fsPath, urlPath, p, users, tplObj, logger, errorHandler)
 	}
 
 	// create ServeMux

src/serverHandler/auth.go

@@ -0,0 +1,19 @@
+package serverHandler
+
+import "net/http"
+
+func (h *handler) auth(w http.ResponseWriter, r *http.Request) (success bool) {
+	header := w.Header()
+	header.Set("WWW-Authenticate", "Basic realm=\""+r.URL.Path+"\"")
+
+	username, password, hasAuthReq := r.BasicAuth()
+	if (hasAuthReq) {
+		success = h.users.Auth(username, password)
+	}
+
+	if !success {
+		w.WriteHeader(http.StatusUnauthorized)
+	}
+
+	return
+}

src/serverHandler/main.go

@@ -4,6 +4,7 @@ import (
 	"../param"
 	"../serverErrHandler"
 	"../serverLog"
+	"../user"
 	"html/template"
 	"net/http"
 	"regexp"
@@ -26,6 +27,11 @@ type handler struct {
 	corsUrls   []string
 	corsDirs   []string
 
+	globalAuth bool
+	authUrls   []string
+	authDirs   []string
+	users      user.Users
+
 	shows     *regexp.Regexp
 	showDirs  *regexp.Regexp
 	showFiles *regexp.Regexp
@@ -66,6 +72,10 @@ func (h *handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		}()
 	}
 
+	if data.NeedAuth && !h.auth(w, r) {
+		return
+	}
+
 	if data.CanUpload && r.Method == "POST" {
 		h.saveUploadFiles(data.handlerReqPath, r)
 		http.Redirect(w, r, r.RequestURI, http.StatusFound)
@@ -102,6 +112,7 @@ func NewHandler(
 	root string,
 	urlPrefix string,
 	p *param.Param,
+	users user.Users,
 	template *template.Template,
 	logger *serverLog.Logger,
 	errHandler *serverErrHandler.ErrHandler,
@@ -123,6 +134,11 @@ func NewHandler(
 		corsUrls:   p.CorsUrls,
 		corsDirs:   p.CorsDirs,
 
+		globalAuth: p.GlobalAuth,
+		authUrls:   p.AuthUrls,
+		authDirs:   p.AuthDirs,
+		users:      users,
+
 		shows:     p.Shows,
 		showDirs:  p.ShowDirs,
 		showFiles: p.ShowFiles,

src/serverHandler/responseData.go

@@ -34,6 +34,7 @@ type responseData struct {
 	CanUpload     bool
 	CanArchive    bool
 	CanCors       bool
+	NeedAuth      bool
 	Errors        []error
 }
 
@@ -297,6 +298,14 @@ func (h *handler) getCanCors(rawReqPath, reqFsPath string) bool {
 	return hasUrlOrDirPrefix(h.corsUrls, rawReqPath, h.corsDirs, reqFsPath)
 }
 
+func (h *handler) getNeedAuth(rawReqPath, reqFsPath string) bool {
+	if h.globalAuth {
+		return true
+	}
+
+	return hasUrlOrDirPrefix(h.authUrls, rawReqPath, h.authDirs, reqFsPath)
+}
+
 func (h *handler) getResponseData(r *http.Request) (data *responseData) {
 	requestUri := r.URL.Path
 	tailSlash := requestUri[len(requestUri)-1] == '/'
@@ -347,6 +356,7 @@ func (h *handler) getResponseData(r *http.Request) (data *responseData) {
 	canUpload := h.getCanUpload(item, rawReqPath, reqFsPath)
 	canArchive := h.getCanArchive(subItems, rawReqPath, reqFsPath)
 	canCors := h.getCanCors(rawReqPath, reqFsPath)
+	needAuth := h.getNeedAuth(rawReqPath, reqFsPath)
 
 	data = &responseData{
 		rawReqPath:     rawReqPath,
@@ -368,6 +378,7 @@ func (h *handler) getResponseData(r *http.Request) (data *responseData) {
 		CanUpload:  canUpload,
 		CanArchive: canArchive,
 		CanCors:    canCors,
+		NeedAuth:   needAuth,
 
 		Errors: errs,
 	}

src/user/main.go

@@ -0,0 +1,39 @@
+package user
+
+import "errors"
+
+type user struct {
+	username string
+	password string
+}
+
+func newUser(username, password string) *user {
+	return &user{
+		username,
+		password,
+	}
+}
+
+type Users struct {
+	pool map[string]*user
+}
+
+func (users Users) Add(username, password string) error {
+	if _, exist := users.pool[username]; exist {
+		return errors.New("username already exist")
+	}
+
+	users.pool[username] = newUser(username, password)
+	return nil
+}
+
+func (users Users) Auth(username, password string) bool {
+	user, exist := users.pool[username]
+	return exist && user.password == password
+}
+
+func NewUsers() Users {
+	return Users{
+		pool: map[string]*user{},
+	}
+}