iris 使用基本身份验证
HTTP 基本身份验证是对 Web 资源实施访问控制的最简单技术,因为它不需要 cookie、会话标识符或登录页面;相反,HTTP Basic 身份验证使用 HTTP 标头中的标准字段。
基本身份验证中间件包含在 Iris 框架中,因此您无需单独安装。
导入中间件:
import "github.com/kataras/iris/v12/middleware/basicauth"
使用其Options结构配置中间件:
opts := basicauth.Options{
Allow: basicauth.AllowUsers(map[string]string{
"username": "password",
}),
Realm: "Authorization Required",
ErrorHandler: basicauth.DefaultErrorHandler,
// [...more options]
}
初始化中间件:
auth := basicauth.New(opts)
上述步骤与Default功能相同:
auth := basicauth.Default(map[string]string{
"username": "password",
})
使用自定义的用户切片:
// The struct value MUST contain a Username and Passwords fields
// or GetUsername() string and GetPassword() string methods.
type User struct {
Username string
Password string
}
// [...]
auth := basicauth.Default([]User{...})
可选地从文件加载用户,密码使用bcrypt加密:
bcrypt包:golang.org/x/crypto/bcrypt
auth := basicauth.Load("users.yml", basicauth.BCRYPT)
同样可以使用Options(推荐)实现:
opts := basicauth.Options{
Allow: basicauth.AllowUsersFile("users.yml", basicauth.BCRYPT),
Realm: basicauth.DefaultRealm,
// [...more options]
}
auth := basicauth.New(opts)
users.yml将如下所示:
- username: kataras
password: $2a$10$Irg8k8HWkDlvL0YDBKLCYee6j6zzIFTplJcvZYKA.B8/clHPZn2Ey
# encrypted of kataras_pass
role: admin
- username: makis
password: $2a$10$3GXzp3J5GhHThGisbpvpZuftbmzPivDMo94XPnkTnDe7254x7sJ3O
# encrypted of makis_pass
role: member
注册中间件:
// Register to all matched routes
// under a Party and its children.
app.Use(auth)
// OR/and register to all http error routes.
app.UseError(auth)
// OR register under a path prefix of a specific Party,
// including all http errors of this path prefix.
app.UseRouter(auth)
// OR register to a specific Route before its main handler.
app.Post("/protected", auth, routeHandler)
检索用户名和密码:
func routeHandler(ctx iris.Context) {
username, password, _ := ctx.Request().BasicAuth()
// [...]
}
检索 User 值:
func routeHandler(ctx iris.Context) {
user := ctx.User().(*iris.SimpleUser)
// user.Username
// user.Password
}