mirror of
https://github.com/therootcompany/golib.git
synced 2025-10-07 01:28:19 +00:00
111 lines
2.2 KiB
Markdown
111 lines
2.2 KiB
Markdown
# envauth
|
|
|
|
Auth utils for single-user environments. \
|
|
(standard library only, constant-time)
|
|
|
|
- Password
|
|
- PBKDF2 Digest (sha-256)
|
|
|
|
```go
|
|
creds := envauth.BasicCredentials{
|
|
Username: os.Getenv("BASIC_AUTH_USERNAME"),
|
|
Password: os.Getenv("BASIC_AUTH_PASSWORD"),
|
|
}
|
|
|
|
verified := creds.Verify("username", "password")
|
|
```
|
|
|
|
## Basic Credentials: Username + Password
|
|
|
|
Plain-text username + password, typically something like `api:somereallylongapikey`.
|
|
|
|
`.env`:
|
|
|
|
```sh
|
|
export BASIC_AUTH_USERNAME="api"
|
|
export BASIC_AUTH_PASSWORD="secret"
|
|
```
|
|
|
|
```go
|
|
package main
|
|
|
|
import (
|
|
"os"
|
|
|
|
"github.com/therootcompany/golib/auth/envauth"
|
|
)
|
|
|
|
func main() {
|
|
username := os.Getenv("BASIC_AUTH_USERNAME")
|
|
password := os.Getenv("BASIC_AUTH_PASSWORD")
|
|
|
|
creds := envauth.BasicCredentials{
|
|
Username: username,
|
|
Password: password,
|
|
}
|
|
|
|
verified := creds.Verify("api", "secret")
|
|
if verified {
|
|
println("Authentication successful")
|
|
} else {
|
|
println("Authentication failed")
|
|
}
|
|
}
|
|
```
|
|
|
|
## PBKDF2 Derived Key / Digest
|
|
|
|
Salted and hashed password.
|
|
|
|
```sh
|
|
go run ./cmd/pbkdf2-sha256/ 'secret' 'i63wDd7K-60'
|
|
|
|
derived-key: 553ce8846c2304e93021dab03bacb5ca
|
|
```
|
|
|
|
`.env`:
|
|
|
|
```sh
|
|
export BASIC_AUTH_USERNAME="api"
|
|
export BASIC_AUTH_PBKDF256_DERIVED_KEY="553ce8846c2304e93021dab03bacb5ca"
|
|
export BASIC_AUTH_PBKDF256_SALT="i63wDd7K-60"
|
|
export BASIC_AUTH_PBKDF256_ITERATIONS=1000
|
|
```
|
|
|
|
```go
|
|
package main
|
|
|
|
import (
|
|
"encoding/base64"
|
|
"encoding/hex"
|
|
"os"
|
|
|
|
"github.com/therootcompany/golib/auth/envauth"
|
|
)
|
|
|
|
func main() {
|
|
username := os.Getenv("BASIC_AUTH_USERNAME")
|
|
derivedKeyHex := os.Getenv("BASIC_AUTH_PBKDF256_DERIVED_KEY")
|
|
saltBase64 := os.Getenv("BASIC_AUTH_PBKDF256_SALT")
|
|
itersStr := os.Getenv("BASIC_AUTH_PBKDF256_ITERATIONS")
|
|
|
|
derivedKey, _ := hex.DecodeString(derivedKeyB64)
|
|
salt, _ := base64.URLEncoding.DecodeString(saltHex)
|
|
iterations, _ := strconv.Atoi(itersStr)
|
|
|
|
creds := envauth.PBKDF2Credentials{
|
|
Username: username,
|
|
DerivedKey: derivedKey,
|
|
Salt: salt,
|
|
Iterations: iterations,
|
|
}
|
|
|
|
verified := creds.Verify("api", "secret")
|
|
if verified {
|
|
println("Authentication successful")
|
|
} else {
|
|
println("Authentication failed")
|
|
}
|
|
}
|
|
```
|