summaryrefslogtreecommitdiff
path: root/modules/caddyhttp/caddyauth
diff options
context:
space:
mode:
authorMatthew Holt <mholt@users.noreply.github.com>2019-12-23 12:45:35 -0700
committerMatthew Holt <mholt@users.noreply.github.com>2019-12-23 12:45:35 -0700
commit95ed603de79c66ff76bfe7e42986a2fc8c7a1fa4 (patch)
tree1a788b8eba98f0c2e69e5816bac9c7cc09aca96f /modules/caddyhttp/caddyauth
parentcbb405f6aaee046c9de9ffb4f07ca824d9eedeb1 (diff)
Improve godocs all around
These will be used in the new automated documentation system
Diffstat (limited to 'modules/caddyhttp/caddyauth')
-rw-r--r--modules/caddyhttp/caddyauth/basicauth.go19
-rw-r--r--modules/caddyhttp/caddyauth/caddyauth.go3
-rw-r--r--modules/caddyhttp/caddyauth/hashes.go14
3 files changed, 29 insertions, 7 deletions
diff --git a/modules/caddyhttp/caddyauth/basicauth.go b/modules/caddyhttp/caddyauth/basicauth.go
index 8aa44f1..74aa407 100644
--- a/modules/caddyhttp/caddyauth/basicauth.go
+++ b/modules/caddyhttp/caddyauth/basicauth.go
@@ -28,9 +28,14 @@ func init() {
// HTTPBasicAuth facilitates HTTP basic authentication.
type HTTPBasicAuth struct {
- HashRaw json.RawMessage `json:"hash,omitempty" caddy:"namespace=http.authentication.hashes inline_key=algorithm"`
- AccountList []Account `json:"accounts,omitempty"`
- Realm string `json:"realm,omitempty"`
+ // The algorithm with which the passwords are hashed. Default: bcrypt
+ HashRaw json.RawMessage `json:"hash,omitempty" caddy:"namespace=http.authentication.hashes inline_key=algorithm"`
+
+ // The list of accounts to authenticate.
+ AccountList []Account `json:"accounts,omitempty"`
+
+ // The name of the realm. Default: restricted
+ Realm string `json:"realm,omitempty"`
Accounts map[string]Account `json:"-"`
Hash Comparer `json:"-"`
@@ -125,9 +130,15 @@ type Comparer interface {
// Account contains a username, password, and salt (if applicable).
type Account struct {
+ // A user's username.
Username string `json:"username"`
+
+ // The user's hashed password, base64-encoded.
Password []byte `json:"password"`
- Salt []byte `json:"salt,omitempty"` // for algorithms where external salt is needed
+
+ // The user's password salt, base64-encoded; for
+ // algorithms where external salt is needed.
+ Salt []byte `json:"salt,omitempty"`
}
// Interface guards
diff --git a/modules/caddyhttp/caddyauth/caddyauth.go b/modules/caddyhttp/caddyauth/caddyauth.go
index c814caf..aefeec5 100644
--- a/modules/caddyhttp/caddyauth/caddyauth.go
+++ b/modules/caddyhttp/caddyauth/caddyauth.go
@@ -28,7 +28,10 @@ func init() {
}
// Authentication is a middleware which provides user authentication.
+// Rejects requests with HTTP 401 if the request is not authenticated.
type Authentication struct {
+ // A set of authentication providers. If none are specified,
+ // all requests will always be unauthenticated.
ProvidersRaw caddy.ModuleMap `json:"providers,omitempty" caddy:"namespace=http.authentication.providers"`
Providers map[string]Authenticator `json:"-"`
diff --git a/modules/caddyhttp/caddyauth/hashes.go b/modules/caddyhttp/caddyauth/hashes.go
index 3ca5116..5a3173e 100644
--- a/modules/caddyhttp/caddyauth/hashes.go
+++ b/modules/caddyhttp/caddyauth/hashes.go
@@ -52,9 +52,17 @@ func (BcryptHash) Compare(hashed, plaintext, _ []byte) (bool, error) {
// ScryptHash implements the scrypt KDF as a hash.
type ScryptHash struct {
- N int `json:"N,omitempty"`
- R int `json:"r,omitempty"`
- P int `json:"p,omitempty"`
+ // scrypt's N parameter. If unset or 0, a safe default is used.
+ N int `json:"N,omitempty"`
+
+ // scrypt's r parameter. If unset or 0, a safe default is used.
+ R int `json:"r,omitempty"`
+
+ // scrypt's p parameter. If unset or 0, a safe default is used.
+ P int `json:"p,omitempty"`
+
+ // scrypt's key length parameter (in bytes). If unset or 0, a
+ // safe default is used.
KeyLength int `json:"key_length,omitempty"`
}