commit 08b392ba680f36b28584b5b55de265a12bcc9778
parent 057a4fef79a353ccbf31585f00add9675138e5c8
Author: Joel-Haeberli <haebu@rubigen.ch>
Date: Wed, 29 May 2024 17:21:23 +0200
fix: auth
Diffstat:
1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/c2ec/api-auth.go b/c2ec/api-auth.go
@@ -92,6 +92,7 @@ func AuthenticateTerminal(req *http.Request) bool {
func AuthenticateWirewatcher(req *http.Request) bool {
auth := req.Header.Get(AUTHORIZATION_HEADER)
+ LogInfo("auth", "basic auth header: "+auth)
if basicAuth, found := strings.CutPrefix(auth, BASIC_AUTH_PREFIX); found {
decoded, err := base64.StdEncoding.DecodeString(basicAuth)
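Review bot: The added `LogInfo("auth", "basic auth header: "+auth)` writes the raw Authorization header to the log on every request. For Basic auth that value is only the base64 encoding of `username:password`, so anyone who can read the logs can recover the wire gateway credentials. Drop the line, or log only that a header arrived, e.g. `LogInfo("auth", "authorization header received")`. If this was added for debugging the prefix problem handled later in the function, logging `len(auth)` or whether the prefix was found gives the same signal without the secret.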
@@ -113,7 +114,23 @@ func AuthenticateWirewatcher(req *http.Request) bool {
}
} else {
LogWarn("auth", "basic auth prefix was not set! optimistically matching credentials")
- return true
+ decoded, err := base64.StdEncoding.DecodeString(basicAuth)
+ if err != nil {
+ LogWarn("auth", "failed decoding basic auth header from base64")
+ return false
+ }
+
+ username, password, err := parseBasicAuth(string(decoded))
+ if err != nil {
+ LogWarn("auth", "failed parsing username password from basic auth")
+ return false
+ }
+
+ if strings.EqualFold(username, CONFIG.Server.WireGateway.Username) &&
+ strings.EqualFold(password, CONFIG.Server.WireGateway.Password) {
+
+ return true
+ }
}
LogWarn("auth", "basic auth prefix did not match")
return false
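Review bot: The new fallback branch checks the password with `strings.EqualFold`, which ignores case and is not designed to run in constant time. Any case variant of the configured password therefore authenticates, and the comparison time may depend on how much of the input matches. Compare the secret byte-exact instead, e.g. `subtle.ConstantTimeCompare([]byte(password), []byte(CONFIG.Server.WireGateway.Password)) == 1`, which needs `crypto/subtle` in the file's imports. The branch for the prefixed header starts outside this hunk and appears to hold the same decode/parse/compare sequence, so both paths would be better served by one shared helper. The fall-through message `basic auth prefix did not match` is now also logged for wrong credentials and should say so.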