func (f *Filter) RoundTrip(ctx *filters.Context, req *http.Request) (*filters.Context, *http.Response, error) {
if ip, _, err := net.SplitHostPort(req.RemoteAddr); err == nil {
if _, ok := f.WhiteList[ip]; ok {
return ctx, nil, nil
}
}
if auth, err := ctx.GetString(authHeader); err == nil {
if _, ok := f.ByPassHeaders.Get(auth); ok {
glog.V(3).Infof("auth filter hit bypass cache %#v", auth)
return ctx, nil, nil
}
parts := strings.SplitN(auth, " ", 2)
if len(parts) == 2 {
switch parts[0] {
case "Basic":
if userpass, err := base64.StdEncoding.DecodeString(parts[1]); err == nil {
parts := strings.Split(string(userpass), ":")
user := parts[0]
pass := parts[1]
pass1, ok := f.Basic[user]
if ok && pass == pass1 {
f.ByPassHeaders.Set(auth, struct{}{}, time.Now().Add(time.Hour))
return ctx, nil, nil
}
}
default:
glog.Errorf("Unrecognized auth type: %#v", parts[0])
break
}
}
}
glog.V(1).Infof("UnAuthenticated URL %v from %#v", req.URL.String(), req.RemoteAddr)
noAuthResponse := &http.Response{
Status: "407 Proxy authentication required",
StatusCode: 407,
Proto: "HTTP/1.1",
ProtoMajor: 1,
ProtoMinor: 1,
Header: http.Header{},
Request: req,
Close: true,
ContentLength: -1,
}
return ctx, noAuthResponse, nil
}
