checkBasicAuth checks the basic authorization data, if necessary, and if the data isn't valid, it writes an error. shouldHandle is false if the request has been denied. p.HTTPConfig must not be nil.
( w http.ResponseWriter, r *http.Request, raddr netip.AddrPort, )
| 255 | // data isn't valid, it writes an error. shouldHandle is false if the request |
| 256 | // has been denied. p.HTTPConfig must not be nil. |
| 257 | func (p *Proxy) checkBasicAuth( |
| 258 | w http.ResponseWriter, |
| 259 | r *http.Request, |
| 260 | raddr netip.AddrPort, |
| 261 | ) (shouldHandle bool) { |
| 262 | ui := p.HTTPConfig.Userinfo |
| 263 | if ui == nil { |
| 264 | return true |
| 265 | } |
| 266 | |
| 267 | user, pass, _ := r.BasicAuth() |
| 268 | if matchesUserinfo(ui, user, pass) { |
| 269 | return true |
| 270 | } |
| 271 | |
| 272 | p.logger.Error("basic auth failed", "user", user, "raddr", raddr) |
| 273 | |
| 274 | h := w.Header() |
| 275 | h.Set(httphdr.WWWAuthenticate, `Basic realm="DNS", charset="UTF-8"`) |
| 276 | http.Error(w, "Authorization required", http.StatusUnauthorized) |
| 277 | |
| 278 | return false |
| 279 | } |
| 280 | |
| 281 | // matchesUserinfo returns false if user and pass don't match userinfo. |
| 282 | // userinfo must not be nil. |
no test coverage detected