Initial commit

2025-02-11 18:26:30 +01:00 · 2025-02-11 18:26:30 +01:00 · 7cbcab0d48
commit 7cbcab0d48
25 changed files with 25504 additions and 0 deletions
--- a/internal/auth/auth.go
+++ b/internal/auth/auth.go
@ -0,0 +1,50 @@
+package auth
+
+import (
+    "os"
+    "crypto/sha512"
+    "crypto/subtle"
+    "encoding/hex"
+    "net/http"
+    "log"
+
+    "github.com/labstack/echo/v4"
+)
+
+const (
+    envUsernameHash = "HUGOMARDBRINK_USERNAME"
+    envPasswordHash = "HUGOMARDBRINK_PASSWORD"
+)
+
+func BasicAuth(next echo.HandlerFunc) echo.HandlerFunc {
+    return echo.HandlerFunc(func(c echo.Context) error {
+        username, password, ok := c.Request().BasicAuth()
+
+        if !ok {
+            c.Response().Header().Set("WWW-Authenticate", `Basic realm="restricted", charset="UTF-8"`)
+            return echo.NewHTTPError(http.StatusUnauthorized, "Unauthorized")
+        }
+ 
+        usernameHash := sha512.Sum512([]byte(username)) 
+        passwordHash := sha512.Sum512([]byte(password))
+    
+        expectedUsernameHash, err := hex.DecodeString(os.Getenv(envUsernameHash))
+        if err != nil { 
+            log.Fatal(err) 
+        }
+        expectedPasswordHash, err := hex.DecodeString(os.Getenv(envPasswordHash))
+        if err != nil {
+            log.Fatal(err)
+        }
+
+        usernameMatch := subtle.ConstantTimeCompare(usernameHash[:], expectedUsernameHash[:]) == 1
+        passwordMatch := subtle.ConstantTimeCompare(passwordHash[:], expectedPasswordHash[:]) == 1
+
+        if usernameMatch && passwordMatch {
+            return next(c)
+        } else {
+            c.Response().Header().Set("WWW-Authenticate", `Basic realm="restricted", charset="UTF-8"`)
+            return echo.NewHTTPError(http.StatusUnauthorized, "Unauthorized")
+        }
+    })
+}