HTTPBasicAuth facilitates HTTP basic authentication.
| 35 | |
| 36 | // HTTPBasicAuth facilitates HTTP basic authentication. |
| 37 | type HTTPBasicAuth struct { |
| 38 | // The algorithm with which the passwords are hashed. Default: bcrypt |
| 39 | HashRaw json.RawMessage `json:"hash,omitempty" caddy:"namespace=http.authentication.hashes inline_key=algorithm"` |
| 40 | |
| 41 | // The list of accounts to authenticate. |
| 42 | AccountList []Account `json:"accounts,omitempty"` |
| 43 | |
| 44 | // The name of the realm. Default: restricted |
| 45 | Realm string `json:"realm,omitempty"` |
| 46 | |
| 47 | // If non-nil, a mapping of plaintext passwords to their |
| 48 | // hashes will be cached in memory (with random eviction). |
| 49 | // This can greatly improve the performance of traffic-heavy |
| 50 | // servers that use secure password hashing algorithms, with |
| 51 | // the downside that plaintext passwords will be stored in |
| 52 | // memory for a longer time (this should not be a problem |
| 53 | // as long as your machine is not compromised, at which point |
| 54 | // all bets are off, since basicauth necessitates plaintext |
| 55 | // passwords being received over the wire anyway). Note that |
| 56 | // a cache hit does not mean it is a valid password. |
| 57 | HashCache *Cache `json:"hash_cache,omitempty"` |
| 58 | |
| 59 | Accounts map[string]Account `json:"-"` |
| 60 | Hash Comparer `json:"-"` |
| 61 | |
| 62 | // fakePassword is used when a given user is not found, |
| 63 | // so that timing side-channels can be mitigated: it gives |
| 64 | // us something to hash and compare even if the user does |
| 65 | // not exist, which should have similar timing as a user |
| 66 | // account that does exist. |
| 67 | fakePassword []byte |
| 68 | } |
| 69 | |
| 70 | // CaddyModule returns the Caddy module information. |
| 71 | func (HTTPBasicAuth) CaddyModule() caddy.ModuleInfo { |
nothing calls this directly
no outgoing calls
no test coverage detected