MIT licensed.

LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2014 Carl Jackson ([email protected]), Matt Silverlock ([email protected])
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

README.md

@@ -1,6 +1,8 @@
 # goji/httpauth
 
-httpauth currently provides [HTTP Basic Authentication middleware for](http://tools.ietf.org/html/rfc2617) for [Goji](https://goji.io/), a mimimal web framework for Go.
+httpauth currently provides [HTTP Basic Authentication middleware for](http://tools.ietf.org/html/rfc2617) for Go.
+
+Note that httpauth is completely compatible with [Goji](https://goji.io/), a mimimal web framework for Go, but as it satisfies http.Handler it can be used beyond Goji itself. The examples below will focus on Goji for its ease-of-use.
 
 ## Example
 
@@ -53,6 +55,7 @@ func main() {
 
     goji.Serve()
 }
+
 ```
 
 ## Contributing

basic_auth.go

@@ -1,4 +1,4 @@
-package middleware
+package httpauth
 
 import (
 	"encoding/base64"
@@ -21,21 +21,13 @@ type AuthOptions struct {
 	User                string
 	Password            string
 	UnauthorizedHandler http.Handler
-	// Advanced users can supply a custom user:password comparison function
-	Validate func(string, string) bool
 }
 
 // Satisfies the http.Handler interface for basicAuth.
 func (b basicAuth) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	// Check if we have a user-provided error handler, else set a default
 	if b.opts.UnauthorizedHandler == nil {
 		b.opts.UnauthorizedHandler = http.HandlerFunc(defaultUnauthorizedHandler)
-		return
-	}
-
-	// Set a default user/password validation function
-	if b.opts.Validate == nil {
-		b.opts.Validate = b.validate
 	}
 
 	// Check that the provided details match
@@ -48,10 +40,9 @@ func (b basicAuth) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	b.h.ServeHTTP(w, r)
 }
 
-// authenticate validates the user:password combination provided in the request header.
-// Returns 'false' if the user has not successfully authenticated.
+// authenticate retrieves and then validates the user:password combination provided in
+// the request header. Returns 'false' if the user has not successfully authenticated.
 func (b *basicAuth) authenticate(r *http.Request) bool {
-
 	const basicScheme string = "Basic "
 
 	// Confirm the request is sending Basic Authentication credentials.
@@ -61,7 +52,7 @@ func (b *basicAuth) authenticate(r *http.Request) bool {
 	}
 
 	// Get the plain-text username and password from the request
-	// The first six characters are skipped e.g. "Basic ".
+	// The first six characters are skipped - e.g. "Basic ".
 	str, err := base64.StdEncoding.DecodeString(auth[len(basicScheme):])
 	if err != nil {
 		return false
@@ -71,17 +62,9 @@ func (b *basicAuth) authenticate(r *http.Request) bool {
 	// of the password. Note that the RFC2617 standard does not place any limitations on
 	// allowable characters in the password.
 	creds := strings.SplitN(string(str), ":", 2)
-	// Validate the user & password match.
-	if b.validate(creds[0], creds[1]) == true {
-		return true
-	}
 
-	return false
-}
-
-// Validate that the provided user & password match.
-func (b *basicAuth) validate(user string, password string) bool {
-	if user == b.opts.User && password == b.opts.Password {
+	// Compare the supplied credentials to those set in our options
+	if creds[0] == b.opts.User && creds[1] == b.opts.Password {
 		return true
 	}
 
@@ -109,18 +92,18 @@ func defaultUnauthorizedHandler(w http.ResponseWriter, r *http.Request) {
 //
 //     import(
 //            "net/http"
-//            "github.com/zenazn/goji/web"
-//            "github.com/zenazn/goji/web/middleware"
+//            "github.com/zenazn/goji"
+//            "github.com/zenazn/goji/web/httpauth"
 //     )
 //
 //     func main() {
-//          basicOpts := &middleware.AuthOptions{
+//          basicOpts := httpauth.AuthOptions{
 //                      Realm: "Restricted",
 //                      User: "Dave",
 //                      Password: "ClearText",
 //                  }
 //
-//          goji.Use(middleware.BasicAuth(basicOpts), middleware.SomeOtherMiddleware)
+//          goji.Use(httpauth.BasicAuth(basicOpts), SomeOtherMiddleware)
 //          goji.Get("/thing", myHandler)
 //  }
 //
@@ -144,12 +127,12 @@ func BasicAuth(o AuthOptions) func(http.Handler) http.Handler {
 //     import(
 //            "net/http"
 //            "github.com/zenazn/goji/web"
-//            "github.com/zenazn/goji/web/middleware"
+//            "github.com/zenazn/goji/web/httpauth"
 //     )
 //
 //     func main() {
 //
-//          goji.Use(httpauth.SimpleBasicAuth("dave", "somepassword"), middleware.SomeOtherMiddleware)
+//          goji.Use(httpauth.SimpleBasicAuth("dave", "somepassword"), SomeOtherMiddleware)
 //          goji.Get("/thing", myHandler)
 //      }
 //

basic_auth_test.go

@@ -1,4 +1,4 @@
-package middleware
+package httpauth
 
 import (
 	"encoding/base64"