Basic Auth
Basic Auth 中间件提供 HTTP Basic 认证。
- 对于有效凭据,它会调用下一个处理函数。
- 对于缺失或无效凭据,它会发送
401 Unauthorized响应。
e.Use(middleware.BasicAuth(func(c *echo.Context, username, password string) (bool, error) { // Use a constant time comparison to prevent timing attacks. if subtle.ConstantTimeCompare([]byte(username), []byte("joe")) == 1 && subtle.ConstantTimeCompare([]byte(password), []byte("secret")) == 1 { return true, nil } return false, nil}))e.Use(middleware.BasicAuthWithConfig(middleware.BasicAuthConfig{}))type BasicAuthConfig struct { // Skipper defines a function to skip middleware. Skipper Skipper
// Validator validates the credentials. If the request contains multiple basic // auth headers, it is called once for each header until the first valid result. // Required. Validator BasicAuthValidator
// Realm is the realm attribute of the WWW-Authenticate header. // Default value "Restricted". Realm string
// AllowedCheckLimit sets how many headers are allowed to be checked. This is // useful in environments such as corporate test setups with application proxies // restricting access with their own auth scheme. // Default value 1. AllowedCheckLimit uint}Validator 的签名为:
type BasicAuthValidator func(c *echo.Context, user string, password string) (bool, error)// Effective defaults applied when fields are left unset.BasicAuthConfig{ Skipper: DefaultSkipper, Realm: "Restricted",}