@@ -19,6 +19,12 @@ type digestClient struct {
1919 lastSeen int64
2020}
2121
22+ // DigestAuth is an authenticator implementation for 'Digest' HTTP Authentication scheme (RFC 7616).
23+ //
24+ // Note: this implementation was written following now deprecated RFC
25+ // 2617, and supports only MD5 algorithm.
26+ //
27+ // TODO: Add support for SHA-256 and SHA-512/256 algorithms.
2228type DigestAuth struct {
2329 Realm string
2430 Opaque string
@@ -64,9 +70,7 @@ func (c digestCache) Swap(i, j int) {
6470 c [i ], c [j ] = c [j ], c [i ]
6571}
6672
67- /*
68- Purge removes count oldest entries from DigestAuth.clients
69- */
73+ // Purge removes count oldest entries from DigestAuth.clients
7074func (da * DigestAuth ) Purge (count int ) {
7175 da .mutex .Lock ()
7276 defer da .mutex .Unlock ()
@@ -81,10 +85,8 @@ func (da *DigestAuth) Purge(count int) {
8185 }
8286}
8387
84- /*
85- http.Handler for DigestAuth which initiates the authentication process
86- (or requires reauthentication).
87- */
88+ // RequireAuth is an http.HandlerFunc which initiates the
89+ // authentication process (or requires reauthentication).
8890func (da * DigestAuth ) RequireAuth (w http.ResponseWriter , r * http.Request ) {
8991 da .mutex .RLock ()
9092 clientsLen := len (da .clients )
@@ -109,11 +111,9 @@ func (da *DigestAuth) RequireAuth(w http.ResponseWriter, r *http.Request) {
109111 da .mutex .RUnlock ()
110112}
111113
112- /*
113- Parse Authorization header from the http.Request. Returns a map of
114- auth parameters or nil if the header is not a valid parsable Digest
115- auth header.
116- */
114+ // DigestAuthParams parses Authorization header from the
115+ // http.Request. Returns a map of auth parameters or nil if the header
116+ // is not a valid parsable Digest auth header.
117117func DigestAuthParams (authorization string ) map [string ]string {
118118 s := strings .SplitN (authorization , " " , 2 )
119119 if len (s ) != 2 || s [0 ] != "Digest" {
@@ -123,12 +123,10 @@ func DigestAuthParams(authorization string) map[string]string {
123123 return ParsePairs (s [1 ])
124124}
125125
126- /*
127- Check if request contains valid authentication data. Returns a pair
128- of username, authinfo where username is the name of the authenticated
129- user or an empty string and authinfo is the contents for the optional
130- Authentication-Info response header.
131- */
126+ // CheckAuth checks whether the request contains valid authentication
127+ // data. Returns a pair of username, authinfo, where username is the
128+ // name of the authenticated user or an empty string and authinfo is
129+ // the contents for the optional Authentication-Info response header.
132130func (da * DigestAuth ) CheckAuth (r * http.Request ) (username string , authinfo * string ) {
133131 da .mutex .RLock ()
134132 defer da .mutex .RUnlock ()
@@ -211,21 +209,18 @@ func (da *DigestAuth) CheckAuth(r *http.Request) (username string, authinfo *str
211209 return auth ["username" ], & info
212210}
213211
214- /*
215- Default values for ClientCacheSize and ClientCacheTolerance for DigestAuth
216- */
217- const DefaultClientCacheSize = 1000
218- const DefaultClientCacheTolerance = 100
219-
220- /*
221- Wrap returns an Authenticator which uses HTTP Digest
222- authentication. Arguments:
223-
224- realm: The authentication realm.
212+ // Default values for ClientCacheSize and ClientCacheTolerance for DigestAuth
213+ const (
214+ DefaultClientCacheSize = 1000
215+ DefaultClientCacheTolerance = 100
216+ )
225217
226- secrets: SecretProvider which must return HA1 digests for the same
227- realm as above.
228- */
218+ // Wrap returns an http.HandlerFunc wraps AuthenticatedHandlerFunc
219+ // with this DigestAuth authentication checks. Once the request
220+ // contains valid credentials, it calls wrapped
221+ // AuthenticatedHandlerFunc.
222+ //
223+ // Deprecated: new code should use NewContext instead.
229224func (da * DigestAuth ) Wrap (wrapped AuthenticatedHandlerFunc ) http.HandlerFunc {
230225 return func (w http.ResponseWriter , r * http.Request ) {
231226 if username , authinfo := da .CheckAuth (r ); username == "" {
@@ -240,11 +235,12 @@ func (da *DigestAuth) Wrap(wrapped AuthenticatedHandlerFunc) http.HandlerFunc {
240235 }
241236}
242237
243- /*
244- JustCheck returns function which converts an http.HandlerFunc into a
245- http.HandlerFunc which requires authentication. Username is passed as
246- an extra X-Authenticated-Username header.
247- */
238+ // JustCheck returns a new http.HandlerFunc, which requires
239+ // DigestAuth to successfully authenticate a user before calling
240+ // wrapped http.HandlerFunc.
241+ //
242+ // Authenticated Username is passed as an extra
243+ // X-Authenticated-Username header to the wrapped HandlerFunc.
248244func (da * DigestAuth ) JustCheck (wrapped http.HandlerFunc ) http.HandlerFunc {
249245 return da .Wrap (func (w http.ResponseWriter , ar * AuthenticatedRequest ) {
250246 ar .Header .Set (AuthUsernameHeader , ar .Username )
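Review bot: The new JustCheck comment should say how far the X-Authenticated-Username header can be trusted, because it is ordinary request-header data that a client can also send. The visible line `ar.Header.Set(AuthUsernameHeader, ar.Username)` uses Set, so behind JustCheck a client-supplied value is replaced, but a handler that is also reachable without JustCheck would see whatever the client sent. I would add to the comment: `// Any client-supplied value of this header is overwritten; handlers must not rely on it on routes that are not wrapped by JustCheck.` JustCheck's body continues past the end of the hunk, so this rests on the one Set call shown. Separately, the DigestAuthParams comment says it parses the header "from the http.Request" while the signature takes the header value as a string; `// DigestAuthParams parses the value of an Authorization header.` would match the code.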