summaryrefslogtreecommitdiff
path: root/modules/caddyhttp/caddyauth
AgeCommit message (Collapse)Author
2022-09-05caddyauth: Speed up basicauth provision, deprecate scrypt (#4720)Francis Lavoie
* caddyauth: Speed up basicauth provisioning, precalculate fake password * Deprecate scrypt, allow using decoded bcrypt hashes * Add TODO note Co-authored-by: Matt Holt <mholt@users.noreply.github.com> Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2022-08-02chore: Bump up to Go 1.19, minimum 1.18 (#4925)Francis Lavoie
2021-03-29go.mod: Migrate to golang.org/x/term (#4073)Simão Gomes Viana
golang.org/x/crypto/ssh/terminal is deprecated in favor of golang.org/x/term See https://github.com/caddyserver/caddy/pull/4073/checks?check_run_id=2152150495 Error: SA1019: package golang.org/x/crypto/ssh/terminal is deprecated: this package moved to golang.org/x/term. (staticcheck) See https://github.com/caddyserver/caddy/pull/4073/checks?check_run_id=2152228516 Error: SA1019: package golang.org/x/crypto/ssh/terminal is deprecated: this package moved to golang.org/x/term. (staticcheck) Test: go test -count=1 './...'
2020-12-03caddyauth: Use structured logMatthew Holt
2020-12-01caddyauth: Use buffered channel passed to signal.Notify (#3895)Cuong Manh Le
The docs at os/signal.Notify warn about this signal delivery loss bug at https://golang.org/pkg/os/signal/#Notify, which says: Package signal will not block sending to c: the caller must ensure that c has sufficient buffer space to keep up with the expected signal rate. For a channel used for notification of just one signal value, a buffer of size 1 is sufficient. Caught by a static analysis tool from Orijtech, Inc. called "sigchanyzer"
2020-11-26docs: Mention {http.auth.user.id} placeholder in basicauth JSON docs (#3886)Francis Lavoie
2020-11-22ci: Use golangci's github action for linting (#3794)Dave Henderson
* ci: Use golangci's github action for linting Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix most of the staticcheck lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the prealloc lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the misspell lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the varcheck lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the errcheck lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the bodyclose lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the deadcode lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the unused lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the gosec lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the gosimple lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the ineffassign lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the staticcheck lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Revert the misspell change, use a neutral English Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Remove broken golangci-lint CI job Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Re-add errantly-removed weakrand initialization Signed-off-by: Dave Henderson <dhenderson@gmail.com> * don't break the loop and return * Removing extra handling for null rootKey * unignore RegisterModule/RegisterAdapter Co-authored-by: Mohammed Al Sahaf <msaa1990@gmail.com> * single-line log message Co-authored-by: Matt Holt <mholt@users.noreply.github.com> * Fix lint after a1808b0dbf209c615e438a496d257ce5e3acdce2 was merged Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Revert ticker change, ignore it instead Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Ignore some of the write errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Remove blank line Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Use lifetime Signed-off-by: Dave Henderson <dhenderson@gmail.com> * close immediately Co-authored-by: Matt Holt <mholt@users.noreply.github.com> * Preallocate configVals Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Update modules/caddytls/distributedstek/distributedstek.go Co-authored-by: Mohammed Al Sahaf <msaa1990@gmail.com> Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-11-13basicauth: Minor internal improvements (#3861)Aurelia
* nitpicks and small improvements in basicauth module 1: roll two if statements into one, since err will be nil in the second case anyhow 2: unlock cache mutex after reading the key, as this happens by-value and reduces code complexity 3: switch cache sync.Mutex to sync.RWMutex for better concurrency on cache fast track * allocate the right kind of mutex
2020-10-31caddyauth: Prevent user enumeration by timingMatthew Holt
Always follow the code path of hashing and comparing a plaintext password even if the account is not found by the given username; this ensures that similar CPU cycles are spent for both valid and invalid usernames. Thanks to @tylerlm for helping and looking into this!
2020-07-17caddyauth: hash-password: Set bcrypt cost to 14 (#3580)Matthew Holt
2020-06-11caddyhttp: Add client cert SAN placeholdersMatthew Holt
2020-06-01caddyauth: Cache basicauth results (fixes #3462) (#3465)Matt Holt
Cache capacity is currently hard-coded at 1000 with random eviction. It is enabled by default from Caddyfile configurations because I assume this is the most common preference.
2020-05-21cmd: hash-password: Fix broken terminal state on SIGINT (#3416)Francis Lavoie
* caddyauth: Fix hash-password broken terminal state on SIGINT * caddycmd: Move TrapSignals calls to only subcommands that run long
2020-05-18caddyauth: Add realm to basicauth Caddyfile directive (#3315)Francis Lavoie
2020-05-11cmd: hash-password: Support reading from stdin (#3373)Andrew Zhou
Closes #3365 * http: Add support in hash-password for reading from terminals/stdin * FIXUP: Run gofmt -s * FIXUP * FIXUP: Apply suggestions from code review Co-authored-by: Matt Holt <mholt@users.noreply.github.com> * FIXUP Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2020-04-14httpcaddyfile: Don't lowercase placeholder contents (fixes #3264)Matthew Holt
2020-04-08chore: make the linter happier (#3245)Mohammed Al Sahaf
* chore: make the linter happier * chore: remove reference to maligned linter in .golangci.yml
2020-04-07basicauth: Re-prompt after invalid credentials (fix #3239) (#3240)Matt Holt
2020-03-27caddyauth: Add Metadata field to caddyauth.User (#3174)Robin Lambertz
* caddyauth: Add Metadata field to caddyauth.User * Apply gofmt * Tidy it up a bit Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2020-02-17basicauth: default hash to bcrypt (#3050)Robin Lambertz
The documentation specifies that the hash algorithm defaults to bcrypt. However, the implementation returns an error in provision if no hash is provided. Fix this inconsistency by *actually* defaulting to bcrypt.
2020-01-07basicauth: Accept placeholders; move base64 decoding to provisionMatthew Holt
See https://caddy.community/t/v2-basicauth-bug/6738?u=matt
2019-12-29Export Replacer and use concrete type instead of interfaceMatthew Holt
The interface was only making things difficult; a concrete pointer is probably best.
2019-12-23Improve godocs all aroundMatthew Holt
These will be used in the new automated documentation system
2019-12-12Minor improvements; comments and shorter placeholders & module IDsMatthew Holt
2019-12-10v2: Module documentation; refactor LoadModule(); new caddy struct tags (#2924)Matt Holt
This commit goes a long way toward making automated documentation of Caddy config and Caddy modules possible. It's a broad, sweeping change, but mostly internal. It allows us to automatically generate docs for all Caddy modules (including future third-party ones) and make them viewable on a web page; it also doubles as godoc comments. As such, this commit makes significant progress in migrating the docs from our temporary wiki page toward our new website which is still under construction. With this change, all host modules will use ctx.LoadModule() and pass in both the struct pointer and the field name as a string. This allows the reflect package to read the struct tag from that field so that it can get the necessary information like the module namespace and the inline key. This has the nice side-effect of unifying the code and documentation. It also simplifies module loading, and handles several variations on field types for raw module fields (i.e. variations on json.RawMessage, such as arrays and maps). I also renamed ModuleInfo.Name -> ModuleInfo.ID, to make it clear that the ID is the "full name" which includes both the module namespace and the name. This clarity is helpful when describing module hierarchy. As of this change, Caddy modules are no longer an experimental design. I think the architecture is good enough to go forward.
2019-10-30auth: Clean up basicauthMatthew Holt
2019-10-28caddyhttp: Minor cleanup and fix nil pointer deref in caddyfile adapterMatthew Holt
2019-10-10http: authentication module; hash-password cmd; http_basic providerMatthew Holt
This implements HTTP basicauth into Caddy 2. The basic auth module will not work with passwords that are not securely hashed, so a subcommand hash-password was added to make it convenient to produce those hashes. Also included is Caddyfile support. Closes #2747.