-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathfilter.go
92 lines (76 loc) · 2.26 KB
/
filter.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
package main
import (
"encoding/base64"
"strings"
"github.com/envoyproxy/envoy/contrib/golang/filters/http/source/go/pkg/api"
)
type filter struct {
callbacks api.FilterCallbackHandler
config *config
}
const secretKey = "secret"
// parseBasicAuth parses an HTTP Basic Authentication string.
// "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==" returns ("Aladdin", "open sesame", true).
func parseBasicAuth(auth string) (username, password string, ok bool) {
const prefix = "Basic "
// Case insensitive prefix match. See https://github.com/golang/go/issues/22736.
if len(auth) < len(prefix) || !strings.EqualFold(auth[:len(prefix)], prefix) {
return "", "", false
}
c, err := base64.StdEncoding.DecodeString(auth[len(prefix):])
if err != nil {
return "", "", false
}
cs := string(c)
username, password, ok = strings.Cut(cs, ":")
if !ok {
return "", "", false
}
return username, password, true
}
func (f *filter) verify(header api.RequestHeaderMap) (bool, string) {
auth, ok := header.Get("authorization")
if !ok {
return false, "no Authorization"
}
username, password, ok := parseBasicAuth(auth)
if !ok {
return false, "invalid Authorization format"
}
users := f.config.users
val, ok := users[username]
if !ok {
return false, "User not found"
}
if password != val {
return false, "invalid username or password"
}
return true, ""
}
func (f *filter) DecodeHeaders(header api.RequestHeaderMap, endStream bool) api.StatusType {
if ok, msg := f.verify(header); !ok {
// TODO: set the WWW-Authenticate response header
f.callbacks.SendLocalReply(401, msg, map[string]string{}, 0, "bad-request")
return api.LocalReply
}
return api.Continue
}
func (f *filter) DecodeData(buffer api.BufferInstance, endStream bool) api.StatusType {
return api.Continue
}
func (f *filter) DecodeTrailers(trailers api.RequestTrailerMap) api.StatusType {
return api.Continue
}
func (f *filter) EncodeHeaders(header api.ResponseHeaderMap, endStream bool) api.StatusType {
return api.Continue
}
func (f *filter) EncodeData(buffer api.BufferInstance, endStream bool) api.StatusType {
return api.Continue
}
func (f *filter) EncodeTrailers(trailers api.ResponseTrailerMap) api.StatusType {
return api.Continue
}
func (f *filter) OnDestroy(reason api.DestroyReason) {
}
func main() {
}