Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Account ¶
type Account struct {
Username string `json:"username"`
Password []byte `json:"password"`
Salt []byte `json:"salt,omitempty"` // for algorithms where external salt is needed
}
Account contains a username, password, and salt (if applicable).
type Authentication ¶
type Authentication struct {
ProvidersRaw map[string]json.RawMessage `json:"providers,omitempty"`
Providers map[string]Authenticator `json:"-"`
}
Authentication is a middleware which provides user authentication.
func (Authentication) CaddyModule ¶
func (Authentication) CaddyModule() caddy.ModuleInfo
CaddyModule returns the Caddy module information.
func (*Authentication) Provision ¶
func (a *Authentication) Provision(ctx caddy.Context) error
Provision sets up a.
func (Authentication) ServeHTTP ¶
func (a Authentication) ServeHTTP(w http.ResponseWriter, r *http.Request, next caddyhttp.Handler) error
type Authenticator ¶
type Authenticator interface {
Authenticate(http.ResponseWriter, *http.Request) (User, bool, error)
}
Authenticator is a type which can authenticate a request. If a request was not authenticated, it returns false. An error is only returned if authenticating the request fails for a technical reason (not for bad/missing credentials).
type BcryptHash ¶
type BcryptHash struct{}
BcryptHash implements the bcrypt hash.
func (BcryptHash) CaddyModule ¶
func (BcryptHash) CaddyModule() caddy.ModuleInfo
CaddyModule returns the Caddy module information.
type Comparer ¶
type Comparer interface {
// Compare returns true if the result of hashing
// plaintextPassword with salt is hashedPassword,
// false otherwise. An error is returned only if
// there is a technical/configuration error.
Compare(hashedPassword, plaintextPassword, salt []byte) (bool, error)
}
Comparer is a type that can securely compare a plaintext password with a hashed password in constant-time. Comparers should hash the plaintext password and then use constant-time comparison.
type HTTPBasicAuth ¶
type HTTPBasicAuth struct {
HashRaw json.RawMessage `json:"hash,omitempty"`
AccountList []Account `json:"accounts,omitempty"`
Realm string `json:"realm,omitempty"`
Accounts map[string]Account `json:"-"`
Hash Comparer `json:"-"`
}
HTTPBasicAuth facilitates HTTP basic authentication.
func (HTTPBasicAuth) Authenticate ¶
func (hba HTTPBasicAuth) Authenticate(w http.ResponseWriter, req *http.Request) (User, bool, error)
Authenticate validates the user credentials in req and returns the user, if valid.
func (HTTPBasicAuth) CaddyModule ¶
func (HTTPBasicAuth) CaddyModule() caddy.ModuleInfo
CaddyModule returns the Caddy module information.
type ScryptHash ¶
type ScryptHash struct {
N int `json:"N,omitempty"`
R int `json:"r,omitempty"`
P int `json:"p,omitempty"`
KeyLength int `json:"key_length,omitempty"`
}
ScryptHash implements the scrypt KDF as a hash.
func (ScryptHash) CaddyModule ¶
func (ScryptHash) CaddyModule() caddy.ModuleInfo
CaddyModule returns the Caddy module information.
func (ScryptHash) Compare ¶
func (s ScryptHash) Compare(hashed, plaintext, salt []byte) (bool, error)
Compare compares passwords.
func (*ScryptHash) Provision ¶
func (s *ScryptHash) Provision(_ caddy.Context) error
Provision sets up s.
func (*ScryptHash) SetDefaults ¶
func (s *ScryptHash) SetDefaults()
SetDefaults sets safe default parameters, but does not overwrite existing values. Each default parameter is set independently; it does not check to ensure that r*p < 2^30. The defaults chosen are those as recommended in 2019 by https://godoc.org/golang.org/x/crypto/scrypt.
Source Files