github.com/rclone/rclone@v1.66.1-0.20240517100346-7b89735ae726/lib/http/auth.go (about)

     1  package http
     2  
     3  import (
     4  	"bytes"
     5  	"html/template"
     6  	"log"
     7  
     8  	"github.com/rclone/rclone/fs/config/flags"
     9  	"github.com/spf13/pflag"
    10  )
    11  
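// AuthHelp returns the Markdown help text describing HTTP authentication,
// for inclusion in a command's help.
//
// prefix is substituted into the flag names in the text, so a prefix of "rc-"
// yields `--rc-user`, `--rc-pass` and so on. The process exits through
// log.Fatalf if the built-in template cannot be parsed or executed.
//
// Points a reader of the rendered text should keep in mind:
//   - the stated default is no login at all, so a listener started without
//     any of these flags serves files to anyone who can reach it;
//   - the text describes basic authentication, which sends the credentials
//     with every request in a reversible encoding, so it needs TLS underneath;
//   - of the htpasswd formats listed, bcrypt (`htpasswd -B`) is the one built
//     to resist offline guessing; MD5 and SHA1 entries are accepted but weak.
func AuthHelp(prefix string) string {
	help := `#### Authentication

By default this will serve files without needing a login.

You can either use an htpasswd file which can take lots of users, or
set a single username and password with the ` + "`--{{ .Prefix }}user` and `--{{ .Prefix }}pass`" + ` flags.

If no static users are configured by either of the above methods, and client
certificates are required by the ` + "`--client-ca`" + ` flag passed to the server, the
client certificate common name will be considered as the username.

Use ` + "`--{{ .Prefix }}htpasswd /path/to/htpasswd`" + ` to provide an htpasswd file.  This is
in standard apache format and supports MD5, SHA1 and BCrypt for basic
authentication.  Bcrypt is recommended.

To create an htpasswd file:

    touch htpasswd
    htpasswd -B htpasswd user
    htpasswd -B htpasswd anotherUser

The password file can be updated while rclone is running.

Use ` + "`--{{ .Prefix }}realm`" + ` to set the authentication realm.

Use ` + "`--{{ .Prefix }}salt`" + ` to change the password hashing salt from the default.

`
	// NOTE(review): the file imports html/template, so .Prefix is HTML-escaped
	// when rendered. That is harmless for flag-name prefixes, but the output is
	// Markdown/terminal text rather than HTML.
	tmpl, err := template.New("auth help").Parse(help)
	if err != nil {
		// Fatalf, not Fatal: log.Fatal formats like fmt.Sprint, which puts no
		// space between a string operand and the error that follows it.
		log.Fatalf("Fatal error parsing template: %v", err)
	}

	data := struct {
		Prefix string
	}{
		Prefix: prefix,
	}
	var buf bytes.Buffer
	if err := tmpl.Execute(&buf, data); err != nil {
		log.Fatalf("Fatal error executing template: %v", err)
	}
	return buf.String()
}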
    59  
// CustomAuthFn, if used, is called to authenticate user, pass. If it returns
// an error then the user is not authenticated.
//
// If a non-nil value is returned then it is added to the context. The
// original comment ends before naming the context key, and the key is not
// visible in this file.
//
// NOTE(review): an implementation receives the password as supplied by the
// client, so it should not log it and should compare secrets in constant time
// (for example with crypto/subtle.ConstantTimeCompare).
type CustomAuthFn func(user, pass string) (value interface{}, err error)
    65  
// AuthConfig contains options for the http authentication.
//
// NOTE(review): only CustomAuthFn carries a `json:"-"` tag. BasicPass and Salt
// are plain exported strings, so encoding/json would include them if this
// struct is ever marshalled; confirm that any options dump or log of this
// config redacts them.
type AuthConfig struct {
	// Path to an htpasswd file. The help text in this file also describes
	// user/pass and client-certificate logins, so an empty value on its own
	// presumably does not mean "no authentication" - verify against the code
	// that consumes this config.
	HtPasswd string
	// Realm for authentication.
	Realm string
	// Single username for basic auth if not using HtPasswd.
	BasicUser string
	// Password for BasicUser, stored as supplied.
	BasicPass string
	// Password hashing salt; DefaultAuthCfg supplies a fixed default.
	Salt string
	// Custom authenticator (not set by command line flags); excluded from JSON.
	CustomAuthFn CustomAuthFn `json:"-"`
}
    75  
// AddFlagsPrefix registers the authentication flags for cfg on flagSet.
//
// Each flag is named prefix followed by "htpasswd", "realm", "user", "pass"
// or "salt". The value currently held in cfg is passed as the value argument
// and prefix is passed again as the final argument of the project's
// flags.StringVarP helper, whose definition is not shown in this file.
//
// The password is registered as an ordinary string flag, so a value given on
// the command line may be visible in the process list and in shell history.
// An htpasswd file keeps the secret out of argv.
func (cfg *AuthConfig) AddFlagsPrefix(flagSet *pflag.FlagSet, prefix string) {
	stringFlags := []struct {
		dest  *string
		name  string
		usage string
	}{
		{&cfg.HtPasswd, "htpasswd", "A htpasswd file - if not provided no authentication is done"},
		{&cfg.Realm, "realm", "Realm for authentication"},
		{&cfg.BasicUser, "user", "User name for authentication"},
		{&cfg.BasicPass, "pass", "Password for authentication"},
		{&cfg.Salt, "salt", "Password hashing salt"},
	}
	// Register in table order, which is the order of the fields in AuthConfig.
	for _, f := range stringFlags {
		flags.StringVarP(flagSet, f.dest, prefix+f.name, "", *f.dest, f.usage, prefix)
	}
}
    84  
// AddAuthFlagsPrefix is the free-function form of (*AuthConfig).AddFlagsPrefix:
// it registers the authentication flags for cfg on flagSet, naming each flag
// with the given prefix. cfg must be non-nil, because the flags are bound to
// its fields.
func AddAuthFlagsPrefix(flagSet *pflag.FlagSet, prefix string, cfg *AuthConfig) {
	cfg.AddFlagsPrefix(flagSet, prefix)
}
    89  
// DefaultAuthCfg returns a fresh AuthConfig holding the built-in defaults,
// ready to be customized by command line flags. Only Salt is set; every other
// field is left at its zero value.
//
// NOTE(review): the default salt is a constant published in the source, so it
// is identical for every installation that does not override it and adds no
// per-deployment uniqueness. How Salt is consumed is not visible in this file;
// deployments that depend on it should set their own value with the salt flag.
func DefaultAuthCfg() AuthConfig {
	var cfg AuthConfig
	cfg.Salt = "dlPL2MqE"
	return cfg
}