-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathhandler.go
70 lines (55 loc) · 1.53 KB
/
handler.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
// Copyright (c) OpenFaaS Author(s) 2018. All rights reserved.
// Licensed under the MIT license. See LICENSE file in the project root for full license information.
package function
import (
"io/ioutil"
"net/http"
"strings"
"github.com/openfaas-incubator/go-function-sdk"
)
var (
usernameSecret string
passwordSecret string
)
func init() {
// optional, add error handling, or read on each request / use sync.Once()
usernameRaw, err := ioutil.ReadFile("/var/openfaas/secrets/fn-basic-auth-username")
if err != nil {
panic(err)
}
usernameSecret = strings.TrimSpace(string(usernameRaw))
passwordRaw, err := ioutil.ReadFile("/var/openfaas/secrets/fn-basic-auth-password")
if err != nil {
panic(err)
}
passwordSecret = strings.TrimSpace(string(passwordRaw))
}
// Handle a function invocation
func Handle(req handler.Request) (handler.Response, error) {
var err error
res := handler.Response{}
if !isAuthorized(req) {
message := "You must authorize."
res.Body = []byte(message)
res.StatusCode = http.StatusUnauthorized
res.Header = http.Header{
"WWW-Authenticate": []string{`Basic realm="Restricted"`},
}
return res, err
}
res.StatusCode = http.StatusOK
res.Body = []byte("Authorization. OK.")
return res, err
}
func isAuthorized(req handler.Request) bool {
r := http.Request{}
r.Header = http.Header{
"Authorization": []string{req.Header.Get("Authorization")},
}
if username, password, ok := r.BasicAuth(); ok &&
username == usernameSecret &&
password == passwordSecret {
return true
}
return false
}