Revision 0a607ab97d6818295b573f2612478be936e847a6 authored by renovate[bot] on 08 June 2023, 15:08:37 UTC, committed by GitHub on 08 June 2023, 15:08:37 UTC
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
1 parent 093d0a4
basic_auth.go
package api

import (
	"crypto/sha256"
	"crypto/subtle"
	"net/http"
)

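// BasicAuthenticatedRequest reports whether req carries HTTP Basic
// authentication credentials that match expectedUser and expectedPass.
// It returns false when the request has no parsable Basic Authorization
// header or when either value differs.
//
// Timing behaviour: subtle.ConstantTimeCompare returns immediately when its
// inputs differ in length, so comparing the raw strings would reveal the
// length of the expected values. Both sides are therefore hashed with SHA-256
// first, which gives the comparison fixed-size inputs. Both comparisons are
// always evaluated and combined with a bitwise AND, so the time taken does
// not reveal whether the username or the password was the mismatching field.
//
// NOTE(review): empty expected credentials are compared like any other value.
// A caller whose configuration leaves both unset would accept a request that
// presents an empty username and password; callers should treat unset
// credentials as "authentication not configured" before calling this.
func BasicAuthenticatedRequest(req *http.Request, expectedUser, expectedPass string) bool {
	// When no header is present user and pass are empty strings; the hashes
	// are still computed so every request follows the same code path.
	user, pass, ok := req.BasicAuth()

	gotUser := sha256.Sum256([]byte(user))
	wantUser := sha256.Sum256([]byte(expectedUser))
	gotPass := sha256.Sum256([]byte(pass))
	wantPass := sha256.Sum256([]byte(expectedPass))

	userMatch := subtle.ConstantTimeCompare(gotUser[:], wantUser[:])
	passMatch := subtle.ConstantTimeCompare(gotPass[:], wantPass[:])

	// Bitwise AND (not &&) keeps both comparison results in play regardless
	// of the first one; ok is checked last and only gates the final answer.
	return (userMatch&passMatch) == 1 && ok
}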