servauth.go 2.1 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495
  1. package servauth
  2. import (
  3. "log"
  4. "net/http"
  5. "time"
  6. "github.com/vladimirok5959/golang-utils/utils/http/helpers"
  7. )
  8. var mRequests = &Requests{
  9. counter: map[string]int{},
  10. lastTime: map[string]int64{},
  11. cleanTime: time.Now().UTC().Unix(),
  12. }
  13. func BasicAuth(handler http.Handler, username, password, realm string) http.Handler {
  14. return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
  15. if username != "" {
  16. mRequests.CleanupHourly()
  17. ip := helpers.ClientIP(r)
  18. reqs := mRequests.Count(ip)
  19. ltime := mRequests.Time(ip)
  20. // Reset counter
  21. if (time.Now().UTC().Unix() - ltime) >= 30 {
  22. reqs = 0
  23. mRequests.SetCount(ip, reqs)
  24. mRequests.SetTime(ip, time.Now().UTC().Unix())
  25. }
  26. // Restrict access
  27. if reqs >= 5 {
  28. w.Header().Set("Retry-After", "30")
  29. w.WriteHeader(429)
  30. if _, err := w.Write([]byte("Too Many Requests\n")); err != nil {
  31. log.Printf("%s\n", err.Error())
  32. }
  33. return
  34. }
  35. if realm == "" {
  36. realm = "Please enter username and password"
  37. }
  38. u, p, ok := r.BasicAuth()
  39. if !ok {
  40. w.Header().Set("WWW-Authenticate", `Basic realm="`+realm+`"`)
  41. w.WriteHeader(401)
  42. if _, err := w.Write([]byte("Unauthorised\n")); err != nil {
  43. log.Printf("%s\n", err.Error())
  44. }
  45. return
  46. }
  47. if u != username {
  48. // Inc counter
  49. reqs = reqs + 1
  50. mRequests.SetCount(ip, reqs)
  51. mRequests.SetTime(ip, time.Now().UTC().Unix())
  52. w.Header().Set("WWW-Authenticate", `Basic realm="`+realm+`"`)
  53. w.WriteHeader(401)
  54. if _, err := w.Write([]byte("Unauthorised\n")); err != nil {
  55. log.Printf("%s\n", err.Error())
  56. }
  57. return
  58. }
  59. if p != password {
  60. // Inc counter
  61. reqs = reqs + 1
  62. mRequests.SetCount(ip, reqs)
  63. mRequests.SetTime(ip, time.Now().UTC().Unix())
  64. w.Header().Set("WWW-Authenticate", `Basic realm="`+realm+`"`)
  65. w.WriteHeader(401)
  66. if _, err := w.Write([]byte("Unauthorised\n")); err != nil {
  67. log.Printf("%s\n", err.Error())
  68. }
  69. return
  70. }
  71. // Reset counter
  72. if reqs > 0 {
  73. reqs = 0
  74. mRequests.SetCount(ip, reqs)
  75. mRequests.SetTime(ip, time.Now().UTC().Unix())
  76. }
  77. }
  78. handler.ServeHTTP(w, r)
  79. })
  80. }