Frederic G. MARAND 2 years ago
commit
f66e3e31ec
9 changed files with 97 additions and 0 deletions
  1. 1 0
      .gitignore
  2. 8 0
      .idea/.gitignore
  3. 6 0
      .idea/misc.xml
  4. 8 0
      .idea/modules.xml
  5. 6 0
      .idea/vcs.xml
  6. 8 0
      .idea/watcherTasks.xml
  7. 9 0
      .idea/web_auth_demo.iml
  8. 48 0
      demo.go
  9. 3 0
      go.mod

+ 1 - 0
.gitignore

@@ -0,0 +1 @@
+.idea/workspace.xml

+ 8 - 0
.idea/.gitignore

@@ -0,0 +1,8 @@
+# Default ignored files
+/shelf/
+/workspace.xml
+# Editor-based HTTP Client requests
+/httpRequests/
+# Datasource local storage ignored files
+/dataSources/
+/dataSources.local.xml

+ 6 - 0
.idea/misc.xml

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="NodePackageJsonFileManager">
+    <packageJsonPaths />
+  </component>
+</project>

+ 8 - 0
.idea/modules.xml

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="ProjectModuleManager">
+    <modules>
+      <module fileurl="file://$PROJECT_DIR$/.idea/web_auth_demo.iml" filepath="$PROJECT_DIR$/.idea/web_auth_demo.iml" />
+    </modules>
+  </component>
+</project>

+ 6 - 0
.idea/vcs.xml

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="VcsDirectoryMappings">
+    <mapping directory="$PROJECT_DIR$" vcs="Git" />
+  </component>
+</project>

+ 8 - 0
.idea/watcherTasks.xml

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="ProjectTasksOptions">
+    <enabled-global>
+      <option value="goimports" />
+    </enabled-global>
+  </component>
+</project>

+ 9 - 0
.idea/web_auth_demo.iml

@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module type="WEB_MODULE" version="4">
+  <component name="Go" enabled="true" />
+  <component name="NewModuleRootManager">
+    <content url="file://$MODULE_DIR$" />
+    <orderEntry type="inheritedJdk" />
+    <orderEntry type="sourceFolder" forTests="false" />
+  </component>
+</module>

+ 48 - 0
demo.go

@@ -0,0 +1,48 @@
+package main
+
+import (
+	"crypto/sha256"
+	"crypto/subtle"
+	"net/http"
+)
+
+func basicAuth(next http.HandlerFunc) http.HandlerFunc {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		// Extract the username and password from the request Authorization header.
+		// If no Authentication header is present, or if the header value is
+		// invalid, then the 'ok' return value will be false.
+		username, password, ok := r.BasicAuth()
+		if ok {
+			// Calculate SHA-256 hashes for the provided and expected usernames
+			// and passwords in order to have constant length values.
+			usernameHash := sha256.Sum256([]byte(username))
+			passwordHash := sha256.Sum256([]byte(password))
+			expectedUsernameHash := sha256.Sum256([]byte("your expected username"))
+			expectedPasswordHash := sha256.Sum256([]byte("your expected password"))
+
+			// Use the subtle.ConstantTimeCompare() function to check if the
+			// provided username and password hashes equal the expected
+			// username and password hashes.
+			// ConstantTimeCompare will return 1 if the values are equal, or 0 otherwise.
+			// Importantly, we should do the work to evaluate both the username
+			// and password before checking the return values, to avoid leaking information.
+			usernameMatch := 1 == subtle.ConstantTimeCompare(usernameHash[:], expectedUsernameHash[:])
+			passwordMatch := 1 == subtle.ConstantTimeCompare(passwordHash[:], expectedPasswordHash[:])
+
+			// If the username and password are correct, then call the next
+			// handler in the chain. Make sure to return afterwards, so that
+			// none of the code below is run.
+			if usernameMatch && passwordMatch {
+				next.ServeHTTP(w, r)
+				return
+			}
+		}
+
+		// If the Authentication header is not present, is invalid, or the
+		// username or password is wrong, then set a WWW-Authenticate header
+		// to inform the client that we expect them to use basic authentication
+		// and send a 401 Unauthorized response.
+		w.Header().Set("WWW-Authenticate", `Basic realm="restricted", charset="UTF-8"`)
+		http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
+	})
+}
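Review bot: The expected username and password are string literals inside the handler closure (`"your expected username"`, `"your expected password"`), so even for a demo the credentials end up compiled into the binary and are re-hashed on every request. Reading them once from the environment or a config value when `basicAuth` is built, and computing `expectedUsernameHash`/`expectedPasswordHash` outside the returned closure, keeps the per-request path to the two constant-time compares and makes the credential source explicit (the sketch below needs an `os` import; the variable names are placeholders). The `http.HandlerFunc(...)` conversion around the func literal is redundant because the return type is already `http.HandlerFunc`, so returning the literal directly reads cleaner. A doc comment such as `// basicAuth wraps next so it only runs for requests carrying matching HTTP Basic credentials; any other request receives a 401 with a WWW-Authenticate challenge.` would also help, since `basicAuth` is the package's only exported-looking entry point.
```go
func basicAuth(next http.HandlerFunc) http.HandlerFunc {
	// Hash the expected credentials once when the middleware is built, not per
	// request. Env var names below are placeholders; never inline real secrets.
	expectedUsernameHash := sha256.Sum256([]byte(os.Getenv("PLACEHOLDER_AUTH_USER")))
	expectedPasswordHash := sha256.Sum256([]byte(os.Getenv("PLACEHOLDER_AUTH_PASSWORD")))
	return func(w http.ResponseWriter, r *http.Request) {
		username, password, ok := r.BasicAuth()
		if ok {
			usernameHash := sha256.Sum256([]byte(username))
			passwordHash := sha256.Sum256([]byte(password))
			// … unchanged: constant-time compares and next.ServeHTTP …
		}
		// … unchanged: WWW-Authenticate header and 401 response …
	}
}
```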

+ 3 - 0
go.mod

@@ -0,0 +1,3 @@
+module code.osinet.fr/fgm/web_auth_demo
+
+go 1.17