fogfish / scud / 19370913107

coverage: 71.505% (-14.9%) from 86.371%
19370913107

Pull #40

github

fogfish 
basic auth, (std auth api)
Pull Request #40: basic auth, (std auth api)

21 of 146 new or added lines in 3 files covered. (14.38%)

4 existing lines in 1 file now uncovered.

532 of 744 relevant lines covered (71.51%)

0.78 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

0.0
/authorizer/basic.go
1 
//
2 
// Copyright (C) 2021 - 2025 Dmitry Kolesnikov
3 
//
4 
// This file may be modified and distributed under the terms
5 
// of the Apache License Version 2.0. See the LICENSE file for details.
6 
// https://github.com/fogfish/swarm
7 
//
8 









9



package authorizer










10












11



import (










12



        "crypto/sha256"










13



        "crypto/subtle"










14



        "encoding/base64"










15



        "errors"










16



        "log/slog"










17



        "strings"










18



)










19












20



var (










21



        ErrForbidden = errors.New("forbidden")










22



)










23












24



// Basic Authorizer implements simple access/secret key validation.










25



type Basic struct {










26



        access, secret string










27



}










28













NEW


29



func NewBasic(access, secret string) (*Basic, error) {




×








NEW


30



        if access == "" || secret == "" {




×








NEW


31



                return nil, errors.New("basic auth is not configured")




×








NEW


32



        }




×







33













NEW


34



        return &Basic{




×








NEW


35



                access: access,




×








NEW


36



                secret: secret,




×








NEW


37



        }, nil




×







38



}










39













NEW


40



func (auth *Basic) Validate(apikey string) (string, map[string]any, error) {




×








NEW


41



        c, err := base64.RawStdEncoding.DecodeString(apikey)




×








NEW


42



        if err != nil {




×








NEW


43



                slog.Error("corrupted apikey.")




×








NEW


44



                return "", nil, ErrForbidden




×








NEW


45



        }




×







46













NEW


47



        access, secret, ok := strings.Cut(string(c), ":")




×








NEW


48



        if !ok {




×








NEW


49



                slog.Error("malformed apikey.")




×








NEW


50



                return "", nil, ErrForbidden




×








NEW


51



        }




×







52













NEW


53



        gaccess := sha256.Sum256([]byte(access))




×








NEW


54



        gsecret := sha256.Sum256([]byte(secret))




×








NEW


55



        haccess := sha256.Sum256([]byte(auth.access))




×








NEW


56



        hsecret := sha256.Sum256([]byte(auth.secret))




×








NEW


57






×








NEW


58



        accessMatch := (subtle.ConstantTimeCompare(gaccess[:], haccess[:]) == 1)




×








NEW


59



        secretMatch := (subtle.ConstantTimeCompare(gsecret[:], hsecret[:]) == 1)




×








NEW


60






×








NEW


61



        if !(accessMatch && secretMatch) {




×








NEW


62



                slog.Error("apikey forbidden.")




×








NEW


63



                return "", nil, ErrForbidden




×








NEW


64



        }




×







65













NEW


66



        return access, map[string]any{"auth": "basic", "sub": access}, nil




×







67



}
























    

  • 

    •