Martini middleware/handler for http basic authentication.
Use auth.Basic
to authenticate against a pre-defined username and password:
import (
"github.com/go-martini/martini"
"github.com/martini-contrib/auth"
)
func main() {
m := martini.Classic()
// authenticate every request
m.Use(auth.Basic("username", "secretpassword"))
m.Run()
}
Using auth.BasicFunc
lets you authenticate on a per-user level, by checking
the username and password in the callback function:
import (
"github.com/go-martini/martini"
"github.com/martini-contrib/auth"
)
func main() {
m := martini.Classic()
// authenticate every request
m.Use(auth.BasicFunc(func(username, password string) bool {
return username == "admin" && password == "guessme"
}))
m.Run()
}
Note that checking usernames and passwords with string comparison might be
susceptible to timing attacks. To avoid that, use auth.SecureCompare
instead:
m.Use(auth.BasicFunc(func(username, password string) bool {
return auth.SecureCompare(username, "admin") && auth.SecureCompare(password, "guessme")
}))
}
Upon successful authentication, the username is available to all subsequent
handlers via the auth.User
type:
m.Get("/", func(user auth.User) string {
return "Welcome, " + string(user)
})
}