func (f *Filter) RoundTrip(ctx *filters.Context, req *http.Request) (*filters.Context, *http.Response, error) { if ip, _, err := net.SplitHostPort(req.RemoteAddr); err == nil { if _, ok := f.WhiteList[ip]; ok { return ctx, nil, nil } } if auth, err := ctx.GetString(authHeader); err == nil { if _, ok := f.ByPassHeaders.Get(auth); ok { glog.V(3).Infof("auth filter hit bypass cache %#v", auth) return ctx, nil, nil } parts := strings.SplitN(auth, " ", 2) if len(parts) == 2 { switch parts[0] { case "Basic": if userpass, err := base64.StdEncoding.DecodeString(parts[1]); err == nil { parts := strings.Split(string(userpass), ":") user := parts[0] pass := parts[1] pass1, ok := f.Basic[user] if ok && pass == pass1 { f.ByPassHeaders.Set(auth, struct{}{}, time.Now().Add(time.Hour)) return ctx, nil, nil } } default: glog.Errorf("Unrecognized auth type: %#v", parts[0]) break } } } glog.V(1).Infof("UnAuthenticated URL %v from %#v", req.URL.String(), req.RemoteAddr) noAuthResponse := &http.Response{ Status: "407 Proxy authentication required", StatusCode: 407, Proto: "HTTP/1.1", ProtoMajor: 1, ProtoMinor: 1, Header: http.Header{}, Request: req, Close: true, ContentLength: -1, } return ctx, noAuthResponse, nil }