Comments (3)
Is this solved by #491 ?
from sdk-go.
No, did not touch the auth part of the webhook
from sdk-go.
Just had to implement this myself, so definitely something useful. In my case I needed basic_auth
, e.g.:
// other http protocol stuff
... ce.WithMiddleware(func(next http.Handler) http.Handler {
return withBasicAuth(ctx, next, cfg.Auth.BasicAuth.Username, cfg.Auth.BasicAuth.Password)
})
// withBasicAuth enforces basic auth as a middleware for the given username and
// password
func withBasicAuth(_ context.Context, next http.Handler, u, p string) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
username, password, ok := r.BasicAuth()
if ok {
// reduce brute-force guessing attacks with constant-time comparisons
usernameHash := sha256.Sum256([]byte(username))
passwordHash := sha256.Sum256([]byte(password))
expectedUsernameHash := sha256.Sum256([]byte(u))
expectedPasswordHash := sha256.Sum256([]byte(p))
usernameMatch := subtle.ConstantTimeCompare(usernameHash[:], expectedUsernameHash[:]) == 1
passwordMatch := subtle.ConstantTimeCompare(passwordHash[:], expectedPasswordHash[:]) == 1
if usernameMatch && passwordMatch {
next.ServeHTTP(w, r)
return
}
}
w.Header().Set("WWW-Authenticate", `Basic realm="restricted", charset="UTF-8"`)
http.Error(w, "Unauthorized", http.StatusUnauthorized)
})
}
Questions:
- is this the correct way to use
WithMiddleware()
- if so, I can open a PR for
MiddlewareBasicAuth
if heading in the right direction - which other auth schemes do we want to support?
from sdk-go.
Related Issues (20)
- [Question] Go->PHP and vice versa HOT 3
- Errors from event handler are swallowed and never logged
- Infinite loop on AMQP disconnect HOT 3
- `protocol.go.swp` file for http protocol? HOT 4
- Feature: Expose pubsub PublishSettings along with ReceiveSettings
- Panic on Kafka IP change HOT 7
- NATS Jetstream optimistic concurrency headers HOT 2
- Memory leak in the confluent kafka producer
- Race condition in func WithCustomAttributes(ctx context.Context, attrs map[string]string)
- Support new JetStream API
- Create CODE OWNERS file for reviewers
- Support https://github.com/Azure/go-amqp stable version HOT 3
- Cloud Events HTTP Client Read/Write Timeout is Not Configurable
- Add sql HasPrefix and HasSuffix string functions HOT 11
- Expose AddFunction API for CESQL Parser HOT 6
- Improve CESQL LIKE expression implementation HOT 2
- gRPC protocol implementation HOT 8
- Properly marshal event time to RFC-3339 format HOT 4
- Support structured syntax suffixes for custom content types HOT 6
- cloudEvent client error: โinvalid CloudEvents value:(*string)(nil)โ HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sdk-go.