静态资源的基本身份验证

时间:2018-09-28 04:41:30

标签: http authentication go basic-authentication gorilla

如何向静态资源添加基本身份验证?使用下面的代码,我可以查看标签文件夹中的所有文件。我知道在this问题中已经解释了如何执行此操作。但是当不使用http.ResponseWriter时我将如何设置标题?

package main

import (
    "github.com/gorilla/mux"
    "log"
    "net/http"
    "os"
)

func main() {
    port := GetPort()
    log.Println("[-] Listening on...", port)

    r := mux.NewRouter()
    r.PathPrefix("/labels/").Handler(http.StripPrefix("/labels/", http.FileServer(http.Dir("./labels/"))))

    err := http.ListenAndServe(port, r)
    log.Fatal(err)
}

// GetPort is for herkou deployment
func GetPort() string {
    port := os.Getenv("PORT")
    if port == "" {
        port = "4747"
        log.Println("[-] No PORT environment variable detected. Setting to ", port)
    }
    return ":" + port
}

2 个答案:

答案 0 :(得分:2)

在每个处理程序周围创建一个包装器,以传递来自身份验证中间件的请求,身份验证中间件将在身份验证完成后进一步转发该请求,否则返回错误为的响应

func authentication(next http.Handler) http.Handler {
  return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
    log.Println("Executing authentication")
    next.ServeHTTP(w, r)
  })
}

// open the dialog to download pdf files.
func dowloadPdf(w http.ResponseWriter, r *http.Request) {
    w.Header().Set("Content-Disposition", "attachment; filename=YOUR_FILE")
    w.Header().Set("Content-Type", r.Header.Get("Content-Type"))
    w.Write([]byte("File downloaded"))
}

func main(){
     pdfHandler := http.HandlerFunc(dowloadPdf)
     http.Handle("/servepdf", authentication(pdfHandler))
     http.ListenAndServe(":3000", nil)
}

但是,如果我认为提供html,css,js等静态文件时无需进行身份验证。在对用户进行身份验证之后,最好创建一个处理程序来提供pdf文件。

您还可以将negorni中间件与大猩猩mux一起使用,而不用创建自定义中间件。

答案 1 :(得分:0)

package main

import (
    "github.com/gorilla/mux"
    "log"
    "net/http"
    "os"
)

func main() {
    port := GetPort()
    log.Println("[-] Listening on...", port)

    r := mux.NewRouter()
    r.PathPrefix("/labels/").Handler(http.StripPrefix("/labels/", ServeLabels(http.FileServer(http.Dir("./labels/")))))

    err := http.ListenAndServe(port, r)
    log.Fatal(err)
}

func ServeLabels(h http.Handler) http.Handler {
    return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
        w.Header().Set("WWW-Authenticate", `Basic realm="mydomain"`)
        h.ServeHTTP(w, r)
    })
}

// GetPort is for herkou deployment
func GetPort() string {
    port := os.Getenv("PORT")
    if port == "" {
        port = "4747"
        log.Println("[-] No PORT environment variable detected. Setting to ", port)
    }
    return ":" + port
}

类似的东西,或者您可以继续使用大猩猩mux中间件。

相关问题
最新问题