owncast/router/middleware/auth.go
Gabe Kangas 7b64fc7c30
Disconnect stream Admin API + HTTP Basic Auth (#204)
* Create http auth middleware

* Add support for ending the inbound stream. Closes #191

* Add a simple success response to API requests
2020-10-01 18:16:58 -07:00

35 lines
1.1 KiB
Go

package middleware
import (
"crypto/subtle"
"net/http"
"github.com/gabek/owncast/config"
log "github.com/sirupsen/logrus"
)
// RequireAdminAuth wraps a handler requiring HTTP basic auth for it using the given
// the stream key as the password and and a hardcoded "admin" for username.
func RequireAdminAuth(handler http.HandlerFunc) http.HandlerFunc {
username := "admin"
password := config.Config.VideoSettings.StreamingKey
return func(w http.ResponseWriter, r *http.Request) {
user, pass, ok := r.BasicAuth()
realm := "Owncast Authenticated Request"
// Failed
if !ok || subtle.ConstantTimeCompare([]byte(user), []byte(username)) != 1 || subtle.ConstantTimeCompare([]byte(pass), []byte(password)) != 1 {
w.Header().Set("WWW-Authenticate", `Basic realm="`+realm+`"`)
http.Error(w, "Unauthorized", http.StatusUnauthorized)
log.Warnln("Failed authentication for", r.URL.Path, "from", r.RemoteAddr, r.UserAgent())
return
}
// Success
log.Traceln("Authenticated request OK for", r.URL.Path, "from", r.RemoteAddr, r.UserAgent())
handler(w, r)
}
}