func (da *DevAuth) AllowedAccess(req *http.Request) Operation { _, pass, err := httputil.BasicAuth(req) if err == nil { if pass == da.Password { return OpAll } if da.VivifyPass != nil && pass == *da.VivifyPass { return OpVivify } } if authTokenHeaderMatches(req) { return OpAll } if websocketTokenMatches(req) { return OpAll } // See if the local TCP port is owned by the same non-root user as this // server. This check performed last as it may require reading from the // kernel or exec'ing a program. if httputil.IsLocalhost(req) { return OpAll } return 0 }
func (up *UserPass) AllowedAccess(req *http.Request) Operation { user, pass, err := httputil.BasicAuth(req) if err == nil { if user == up.Username { if pass == up.Password { return OpAll } if up.VivifyPass != nil && pass == *up.VivifyPass { return OpVivify } } } if authTokenHeaderMatches(req) { return OpAll } if websocketTokenMatches(req) { return OpAll } if up.OrLocalhost && httputil.IsLocalhost(req) { return OpAll } return 0 }
func (ua *userAuth) auth(r *http.Request) bool { user, pass, err := httputil.BasicAuth(r) if user == "" || pass == "" || err != nil { return false } ua.Lock() defer ua.Unlock() passHash, ok := ua.userPass[user] if !ok { return false } return passHash == hashPassword(pass) }