auth

The auth middleware provides request authentication for Flame instances, including basic and bearer authentications.

You can read source code of this middleware on GitHubauth - 图1open in new window and API documentation on pkg.go.devauth - 图2open in new window.

Installation

The minimum requirement of Go is 1.16.

  1. go get github.com/flamego/auth

Usage examples

Basic authentication

The auth.Basicauth - 图3open in new window takes a static combination of username and password to protect routes behind it. Upon successful authentication, the auth.Userauth - 图4open in new window is injected into the request context, which simply contains the username:

  1. package main
  3. import (
  4.     "github.com/flamego/auth"
  5.     "github.com/flamego/flamego"
  6. )
  8. func main() {
  9.     f := flamego.Classic()
  10.     f.Use(auth.Basic("username", "secretpassword"))
  11.     f.Get("/", func(user auth.User) string {
  12.         return "Welcome, " + string(user)
  13.     })
  14.     f.Run()
  15. }

The auth.BasicFuncauth - 图5open in new window can be used to support dynamic combinations of username and password:

  1. package main
  3. import (
  4.     "github.com/flamego/auth"
  5.     "github.com/flamego/flamego"
  6. )
  8. func main() {
  9.     credentials := map[string]string{
  10.         "alice": "pa$$word",
  11.         "bob":   "secretpassword",
  12.     }
  14.     f := flamego.Classic()
  15.     f.Use(auth.BasicFunc(func(username, password string) bool {
  16.         return auth.SecureCompare(credentials[username], password)
  17.     }))
  18.     f.Get("/", func(user auth.User) string {
  19.         return "Welcome, " + string(user)
  20.     })
  21.     f.Run()
  22. }

The auth.SecureCompareauth - 图6open in new window is a function that does constant time compare of two strings to prevent timing attacks.

Bearer authentication

The auth.Bearerauth - 图7open in new window takes a static token to protect routes behind it. Upon successful authentication, the auth.Tokenauth - 图8open in new window is injected into the request context, which simply contains the token:

  1. package main
  3. import (
  4.     "github.com/flamego/auth"
  5.     "github.com/flamego/flamego"
  6. )
  8. func main() {
  9.     f := flamego.Classic()
  10.     f.Use(auth.Bearer("secrettoken"))
  11.     f.Get("/", func(token auth.Token) string {
  12.         return "Authenticated through " + string(token)
  13.     })
  14.     f.Run()
  15. }

The auth.BearerFuncauth - 图9open in new window can be used to support dynamic tokens:

  1. package main
  3. import (
  4.     "github.com/flamego/auth"
  5.     "github.com/flamego/flamego"
  6. )
  8. func main() {
  9.     tokens := map[string]struct{}{
  10.         "token":       {},
  11.         "secrettoken": {},
  12.     }
  14.     f := flamego.Classic()
  15.     f.Use(auth.BearerFunc(func(token string) bool {
  16.         _, ok := tokens[token]
  17.         return ok
  18.     }))
  19.     f.Get("/", func(token auth.Token) string {
  20.         return "Authenticated through " + string(token)
  21.     })
  22.     f.Run()
  23. }