diff options
Diffstat (limited to 'internal/authutil/basic.go')
| -rw-r--r-- | internal/authutil/basic.go | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/internal/authutil/basic.go b/internal/authutil/basic.go new file mode 100644 index 00000000..891cf762 --- /dev/null +++ b/internal/authutil/basic.go @@ -0,0 +1,35 @@ +// Copyright 2020 The Gogs Authors. All rights reserved. +// Use of this source code is governed by a MIT-style +// license that can be found in the LICENSE file. + +package authutil + +import ( + "encoding/base64" + "net/http" + "strings" +) + +// DecodeBasic extracts username and password from given header using HTTP Basic Auth. +// It returns empty strings if values are not presented or not valid. +func DecodeBasic(header http.Header) (username, password string) { + if len(header) == 0 { + return "", "" + } + + fields := strings.Fields(header.Get("Authorization")) + if len(fields) != 2 || fields[0] != "Basic" { + return "", "" + } + + p, err := base64.StdEncoding.DecodeString(fields[1]) + if err != nil { + return "", "" + } + + creds := strings.SplitN(string(p), ":", 2) + if len(creds) == 1 { + return creds[0], "" + } + return creds[0], creds[1] +} |