//AuthMiddleware is the authorization middleware func AuthMiddleware() rest.Middleware { return &rest.IfMiddleware{ Condition: func(request *rest.Request) bool { return request.URL.Path != "/login" }, IfTrue: &tokenauth.AuthTokenMiddleware{ Realm: "token-auth", Authenticator: func(token string) string { rd := pool.Get() defer rd.Close() user, _ := redis.String(rd.Do("GET", Config.TokenNamespace+tokenauth.Hash(token))) return user }, }, IfFalse: &rest.AuthBasicMiddleware{ Realm: "basic-auth", Authenticator: func(auth string, password string) bool { user, err := FindUser(auth) if err != nil { panic(err) } if err = abdi.Check(password, user.HashedPass); err == nil { fmt.Println("logged in ", user) return true } return false }, }, } }
func AuthenticateBasic(email string, password string) bool { user, err := Find(email) if err != nil { fmt.Printf("%s\n", err) return false } if user == nil { return false } if err = abdi.Check(password, user.Password); err == nil { fmt.Println("logged in ", user) return true } return false }
// CheckPassword checks a users password against the password hash and returns // a bool and any errors func (u *User) CheckPassword(password string) bool { if err := abdi.Check(password, u.PasswordHash); err != nil { return false } return true }