implement simple on/off basic-auth for all resources

lint: err shadowing extract htpasswd file load and add tests
2026-01-06 18:25:49 +03:00 · 2021-11-07 15:31:33 -06:00
parent 184d5ba87c
commit 8c59be3612
13 changed files with 1068 additions and 22 deletions
--- a/app/proxy/proxy.go
+++ b/app/proxy/proxy.go
@@ -45,6 +45,9 @@ type Http struct { // nolint golint
 	Reporter        Reporter
 	LBSelector      func(len int) int

+	BasicAuthEnabled bool
+	BasicAuthAllowed []string
+
 	ThrottleSystem int
 	ThrottleUser   int
 }
@@ -111,17 +114,18 @@ func (h *Http) Run(ctx context.Context) error {
 	}()

 	handler := R.Wrap(h.proxyHandler(),
-		R.Recoverer(log.Default()),                   // recover on errors
-		signatureHandler(h.Signature, h.Version),     // send app signature
-		h.pingHandler,                                // respond to /ping
-		h.healthMiddleware,                           // respond to /health
-		h.matchHandler,                               // set matched routes to context
-		limiterSystemHandler(h.ThrottleSystem),       // limit total requests/sec
-		limiterUserHandler(h.ThrottleUser),           // req/seq per user/route match
-		h.mgmtHandler(),                              // handles /metrics and /routes for prometheus
-		h.pluginHandler(),                            // prc to external plugins
-		headersHandler(h.ProxyHeaders, h.DropHeader), // add response headers and delete some request headers
-		accessLogHandler(h.AccessLog),                // apache-format log file
+		R.Recoverer(log.Default()),                               // recover on errors
+		signatureHandler(h.Signature, h.Version),                 // send app signature
+		h.pingHandler,                                            // respond to /ping
+		basicAuthHandler(h.BasicAuthEnabled, h.BasicAuthAllowed), // basic auth
+		h.healthMiddleware,                                       // respond to /health
+		h.matchHandler,                                           // set matched routes to context
+		limiterSystemHandler(h.ThrottleSystem),                   // limit total requests/sec
+		limiterUserHandler(h.ThrottleUser),                       // req/seq per user/route match
+		h.mgmtHandler(),                                          // handles /metrics and /routes for prometheus
+		h.pluginHandler(),                                        // prc to external plugins
+		headersHandler(h.ProxyHeaders, h.DropHeader),             // add response headers and delete some request headers
+		accessLogHandler(h.AccessLog),                            // apache-format log file
 		stdoutLogHandler(h.StdOutEnabled, logger.New(logger.Log(log.Default()), logger.Prefix("[INFO]")).Handler),
 		maxReqSizeHandler(h.MaxBodySize), // limit request max size
 		gzipHandler(h.GzEnabled),         // gzip response