X3 - A template for using HTTP Basic Authentication in Go

Related tags

Authentication & OAuth x3
Overview

HTTP Basic Auth in Go

This is a template for using HTTP Basic Auth in a Go application.

Getting Started

To get started, run these commands.

git clone [email protected]:codazoda/x3.git
openssl req -new -newkey rsa:2048 -nodes -keyout localhost.key -out localhost.csr
openssl x509 -req -days 365 -in localhost.csr -signkey localhost.key -out localhost.crt
go build x3
./x3

What those commands do is...

  • Clone the repo
  • Generate a self-signed certificate
  • Build the binary
  • Run the binary

About

Go has a built-in BasicAuth() method in the net/http module and I use that to authenticate the user. Because password hashing is so important, I'm using the bcrypt library for hasing in my template. Encryption is important with Basic Auth so we want to serve these requests over HTTPS. I've implemented TLS for this and that's why you need to generate a certificate.

I use a struct to store the application data. It will contain the server port, the web path, and the cert and key filenames. Normally you might load the username and password from a database but I've put them in this struct to keep the code simple. The username is admin and the password is 1234 for this example.

The auth() function authenticates a user. I use the bcrypt library for this because encryption is hard to get right. If the header is formatted correctly and the username is correct then we compare the hash with the password. For any requests that don't authenticate, we respond indicating that the request was unauthorized and include a header that causes the browser to prompt the user for their username and password, which it will send back with the next request.

The fileHandler() function authenticates then serves static files stored in the ./www directory.

The helloHandler() function authenticates then outputs the traditional "Hello World" text to the user.

The hashHandler() function does not authenticate. If you pass it a ?pass=1234 parameter, it will print a bcrypt one-way hash for that password. You'll get a different response each time because the password is properly salted by the bcrypt library. This is an example of how you might hash the password for storage in your user database. It's also the tool I used to generate the hash that I stored in the struct.

You might also like...
A demo of authentication and authorization using jwt
A demo of authentication and authorization using jwt

Nogopy Hi, this a demo of how to use jwt for authentication in microservices Keep in mind that this is a demo of how to authenticate using jwt, we don

null 2 Nov 1, 2021
Server bridging Google's OAuth and service using Radius for authentication

Fringe Fringe is an easy workaround for Google Workplace users who need a Radius server to perform authentication on behalf of other services (e.g. 80

Pierre-Luc Simard 5 Mar 7, 2022
A simple passwordless proxy authentication middleware using email.
A simple passwordless proxy authentication middleware using email.

email proxy auth A simple passwordless proxy authentication middleware that uses only email as the authentication provider. Motivation I wanted to res

Miroslav Šedivý 5 Jul 27, 2022
A simple authentication web application in Golang (using jwt)

Simple Authentication WebApp A simple authentication web app in Go (using JWT) Routes Path Method Data /api/v1/auth/register POST {"firstname":,"lastn

Shayan 2 Feb 6, 2022
Go-Guardian is a golang library that provides a simple, clean, and idiomatic way to create powerful modern API and web authentication.

❗ Cache package has been moved to libcache repository Go-Guardian Go-Guardian is a golang library that provides a simple, clean, and idiomatic way to

Sanad Haj Yahya 426 Dec 23, 2022
Go login handlers for authentication providers (OAuth1, OAuth2)
Go login handlers for authentication providers (OAuth1, OAuth2)

gologin Package gologin provides chainable login http.Handler's for Google, Github, Twitter, Facebook, Bitbucket, Tumblr, or any OAuth1 or OAuth2 auth

Dalton Hubble 1.6k Dec 30, 2022
Package goth provides a simple, clean, and idiomatic way to write authentication packages for Go web applications.

Goth: Multi-Provider Authentication for Go Package goth provides a simple, clean, and idiomatic way to write authentication packages for Go web applic

Mark Bates 4k Dec 29, 2022
[DEPRECATED] Go package authcookie implements creation and verification of signed authentication cookies.

Package authcookie import "github.com/dchest/authcookie" Package authcookie implements creation and verification of signed authentication cookies. Co

Dmitry Chestnykh 111 Dec 22, 2022
Package go-otp implements one-time-password generators used in 2-factor authentication systems like RSA-tokens. Currently this supports both HOTP (RFC-4226), TOTP (RFC-6238) and Base32 encoding (RFC-3548) for Google Authenticator compatibility

OTP Package go-otp implements one-time-password generators used in 2-factor authentication systems like RSA-tokens and Google Authenticator. Currently

Herbert Fischer 198 Oct 8, 2022
Owner
Joel Dare
Director of Software Engineering @deseretdigital. Dad. Maker. Entrepreneur. #javascript #php #minimalist
Joel Dare
GitHub
Basic and Digest HTTP Authentication for golang http

HTTP Authentication implementation in Go This is an implementation of HTTP Basic and HTTP Digest authentication in Go language. It is designed as a si

Lev Shamardin 529 Dec 22, 2022
🔥 Golang Rest Api with basic JWT Authentication and Basic Crud Operations.

?? Golang Rest Api with basic JWT Authentication and Basic Crud Operations.

Junaid Javed 19 Oct 4, 2022
Authelia: an open-source authentication and authorization server providing two-factor authentication

Authelia is an open-source authentication and authorization server providing two

Streato 0 Jan 5, 2022
A simple passwordless authentication middleware that uses only email as the authentication provider

email auth A simple passwordless authentication middleware that uses only email as the authentication provider. Motivation I wanted to restrict access

Miroslav Šedivý 5 Jul 27, 2022
Authorization and authentication. Learning go by writing a simple authentication and authorization service.

Authorization and authentication. Learning go by writing a simple authentication and authorization service.

Dinesh Bhattarai 0 Aug 5, 2022
HTTP-server-with-auth# HTTP Server With Authentication

HTTP-server-with-auth# HTTP Server With Authentication Introduction You are to use gin framework package and concurrency in golang and jwt-go to imple

Saba Sahban 12 Nov 9, 2022
Goauth - Basic username password cookie based authentication with Go Lang

goauth [WIP] Basic username password cookie based authentication with Go Lang Overview Use a Postgres DB to store Sign-in and Sign-up info Redis for c

Joseph Chen 0 Jan 4, 2022
HTTP Authentication middlewares

goji/httpauth httpauth currently provides HTTP Basic Authentication middleware for Go. It is compatible with Go's own net/http, goji, Gin & anything t

Goji 217 Dec 23, 2022
Go (lang) HTTP session authentication

Go Session Authentication See git tags/releases for information about potentially breaking change. This package uses the Gorilla web toolkit's session

Cameron Little 218 Dec 22, 2022
Scaffold to help building Terraform Providers using AWS IAM authentication.

Terraform Provider Scaffolding This repository is a template for a Terraform provider. It is intended as a starting point for creating Terraform provi

Paul Zietsman 1 Mar 31, 2022