Implement Basic Auth (#371)

Author: Umang01-hash

pkg/gofr/gofr.go

@@ -2,7 +2,6 @@ package gofr
 
 import (
 	"fmt"
-
 	"net/http"
 	"os"
 	"strconv"
@@ -277,6 +276,23 @@ func (o *otelErrorHandler) Handle(e error) {
 	o.logger.Error(e.Error())
 }
 
+func (a *App) EnableBasicAuth(credentials ...string) {
+	if len(credentials)%2 != 0 {
+		a.container.Error("Invalid number of arguments for EnableBasicAuth")
+	}
+
+	users := make(map[string]string)
+	for i := 0; i < len(credentials); i += 2 {
+		users[credentials[i]] = credentials[i+1]
+	}
+
+	a.httpServer.router.Use(middleware.BasicAuthMiddleware(middleware.BasicAuthProvider{Users: users}))
+}
+
+func (a *App) EnableBasicAuthWithFunc(validateFunc func(username, password string) bool) {
+	a.httpServer.router.Use(middleware.BasicAuthMiddleware(middleware.BasicAuthProvider{ValidateFunc: validateFunc}))
+}
+
 func (a *App) Subscribe(topic string, handler SubscribeFunc) {
 	if a.container.GetSubscriber() == nil {
 		a.container.Logger.Errorf("Subscriber not initialized in the container")

pkg/gofr/http/middleware/basic_auth.go

@@ -0,0 +1,58 @@
+package middleware
+
+import (
+	"encoding/base64"
+	"net/http"
+	"strings"
+)
+
+const credentialLength = 2
+
+type BasicAuthProvider struct {
+	Users        map[string]string
+	ValidateFunc func(username, password string) bool
+}
+
+func BasicAuthMiddleware(basicAuthProvider BasicAuthProvider) func(handler http.Handler) http.Handler {
+	return func(handler http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			authHeader := r.Header.Get("Authorization")
+			if authHeader == "" {
+				http.Error(w, "Unauthorized: Authorization header missing", http.StatusUnauthorized)
+				return
+			}
+
+			authParts := strings.Split(authHeader, " ")
+			if len(authParts) != 2 || authParts[0] != "basic" {
+				http.Error(w, "Unauthorized: Invalid Authorization header", http.StatusUnauthorized)
+				return
+			}
+
+			payload, err := base64.StdEncoding.DecodeString(authParts[1])
+			if err != nil {
+				http.Error(w, "Unauthorized: Invalid credentials format", http.StatusUnauthorized)
+				return
+			}
+
+			credentials := strings.Split(string(payload), ":")
+			if len(credentials) != credentialLength {
+				http.Error(w, "Unauthorized: Invalid credentials", http.StatusUnauthorized)
+				return
+			}
+
+			if basicAuthProvider.ValidateFunc != nil {
+				if !basicAuthProvider.ValidateFunc(credentials[0], credentials[1]) {
+					http.Error(w, "Unauthorized: Invalid username or password", http.StatusUnauthorized)
+					return
+				}
+			} else {
+				if storedPass, ok := basicAuthProvider.Users[credentials[0]]; !ok || storedPass != credentials[1] {
+					http.Error(w, "Unauthorized: Invalid username or password", http.StatusUnauthorized)
+					return
+				}
+			}
+
+			handler.ServeHTTP(w, r)
+		})
+	}
+}

pkg/gofr/http/middleware/basic_auth_test.go

@@ -0,0 +1,92 @@
+package middleware
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestBasicAuthMiddleware(t *testing.T) {
+	validationFunc := func(user, pass string) bool {
+		if user == "abc" && pass == "pass123" {
+			return true
+		}
+
+		return false
+	}
+
+	testCases := []struct {
+		name               string
+		authHeader         string
+		authProvider       BasicAuthProvider
+		expectedStatusCode int
+	}{
+		{
+			name:               "Valid Authorization",
+			authHeader:         "basic dXNlcjpwYXNzd29yZA==",
+			authProvider:       BasicAuthProvider{Users: map[string]string{"user": "password"}},
+			expectedStatusCode: http.StatusOK,
+		},
+		{
+			name:               "Valid Authorization with validation Func",
+			authHeader:         "basic YWJjOnBhc3MxMjM=",
+			authProvider:       BasicAuthProvider{ValidateFunc: validationFunc},
+			expectedStatusCode: http.StatusOK,
+		},
+		{
+			name:               "false from validation Func",
+			authHeader:         "basic dXNlcjpwYXNzd29yZA==",
+			authProvider:       BasicAuthProvider{ValidateFunc: validationFunc},
+			expectedStatusCode: http.StatusUnauthorized,
+		},
+		{
+			name:               "No Authorization Header",
+			authHeader:         "",
+			authProvider:       BasicAuthProvider{},
+			expectedStatusCode: http.StatusUnauthorized,
+		},
+		{
+			name:               "Invalid Authorization Header",
+			authHeader:         "Bearer token",
+			authProvider:       BasicAuthProvider{},
+			expectedStatusCode: http.StatusUnauthorized,
+		},
+		{
+			name:               "Invalid encoding",
+			authHeader:         "basic invalidbase64encoding==",
+			authProvider:       BasicAuthProvider{},
+			expectedStatusCode: http.StatusUnauthorized,
+		},
+		{
+			name:               "improper credentials format",
+			authHeader:         "basic dXNlcis=",
+			authProvider:       BasicAuthProvider{},
+			expectedStatusCode: http.StatusUnauthorized,
+		},
+		{
+			name:               "Unauthorized",
+			authHeader:         "basic dXNlcjpwYXNzd29yZA==",
+			authProvider:       BasicAuthProvider{},
+			expectedStatusCode: http.StatusUnauthorized,
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+				w.WriteHeader(http.StatusOK)
+			})
+
+			req := httptest.NewRequest(http.MethodGet, "/", http.NoBody)
+			req.Header.Set("Authorization", tc.authHeader)
+			rr := httptest.NewRecorder()
+
+			authMiddleware := BasicAuthMiddleware(tc.authProvider)
+			authMiddleware(handler).ServeHTTP(rr, req)
+
+			assert.Equal(t, tc.expectedStatusCode, rr.Code)
+		})
+	}
+}

pkg/gofr/service/basic_auth.go

@@ -0,0 +1,125 @@
+package service
+
+import (
+	"context"
+	b64 "encoding/base64"
+	"net/http"
+)
+
+type BasicAuthConfig struct {
+	UserName string
+	Password string
+}
+
+func (a *BasicAuthConfig) addOption(h HTTP) HTTP {
+	return &BasicAuthProvider{
+		userName: a.UserName,
+		password: a.Password,
+		HTTP:     h,
+	}
+}
+
+type BasicAuthProvider struct {
+	userName string
+	password string
+
+	HTTP
+}
+
+func (ba *BasicAuthProvider) addAuthorizationHeader(headers map[string]string) error {
+	decodedPassword, err := b64.StdEncoding.DecodeString(ba.password)
+	if err != nil {
+		return err
+	}
+
+	encodedAuth := b64.StdEncoding.EncodeToString([]byte(ba.userName + ":" + string(decodedPassword)))
+
+	headers["Authorization"] = "basic " + encodedAuth
+
+	return nil
+}
+
+func (ba *BasicAuthProvider) Get(ctx context.Context, path string, queryParams map[string]interface{}) (*http.Response, error) {
+	return ba.GetWithHeaders(ctx, path, queryParams, nil)
+}
+
+func (ba *BasicAuthProvider) GetWithHeaders(ctx context.Context, path string, queryParams map[string]interface{},
+	headers map[string]string) (*http.Response, error) {
+	err := ba.populateHeaders(headers)
+	if err != nil {
+		return nil, err
+	}
+
+	return ba.HTTP.GetWithHeaders(ctx, path, queryParams, headers)
+}
+
+func (ba *BasicAuthProvider) Post(ctx context.Context, path string, queryParams map[string]interface{},
+	body []byte) (*http.Response, error) {
+	return ba.PostWithHeaders(ctx, path, queryParams, body, nil)
+}
+
+func (ba *BasicAuthProvider) PostWithHeaders(ctx context.Context, path string, queryParams map[string]interface{},
+	body []byte, headers map[string]string) (*http.Response, error) {
+	err := ba.populateHeaders(headers)
+	if err != nil {
+		return nil, err
+	}
+
+	return ba.HTTP.PostWithHeaders(ctx, path, queryParams, body, headers)
+}
+
+func (ba *BasicAuthProvider) Put(ctx context.Context, api string, queryParams map[string]interface{}, body []byte) (*http.Response, error) {
+	return ba.PutWithHeaders(ctx, api, queryParams, body, nil)
+}
+
+func (ba *BasicAuthProvider) PutWithHeaders(ctx context.Context, path string, queryParams map[string]interface{},
+	body []byte, headers map[string]string) (*http.Response, error) {
+	err := ba.populateHeaders(headers)
+	if err != nil {
+		return nil, err
+	}
+
+	return ba.HTTP.PutWithHeaders(ctx, path, queryParams, body, headers)
+}
+
+func (ba *BasicAuthProvider) Patch(ctx context.Context, path string, queryParams map[string]interface{},
+	body []byte) (*http.Response, error) {
+	return ba.PatchWithHeaders(ctx, path, queryParams, body, nil)
+}
+
+func (ba *BasicAuthProvider) PatchWithHeaders(ctx context.Context, path string, queryParams map[string]interface{},
+	body []byte, headers map[string]string) (*http.Response, error) {
+	err := ba.populateHeaders(headers)
+	if err != nil {
+		return nil, err
+	}
+
+	return ba.HTTP.PatchWithHeaders(ctx, path, queryParams, body, headers)
+}
+
+func (ba *BasicAuthProvider) Delete(ctx context.Context, path string, body []byte) (*http.Response, error) {
+	return ba.DeleteWithHeaders(ctx, path, body, nil)
+}
+
+func (ba *BasicAuthProvider) DeleteWithHeaders(ctx context.Context, path string, body []byte,
+	headers map[string]string) (*http.Response, error) {
+	err := ba.populateHeaders(headers)
+	if err != nil {
+		return nil, err
+	}
+
+	return ba.HTTP.DeleteWithHeaders(ctx, path, body, headers)
+}
+
+func (ba *BasicAuthProvider) populateHeaders(headers map[string]string) error {
+	if headers == nil {
+		headers = make(map[string]string)
+	}
+
+	err := ba.addAuthorizationHeader(headers)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}