basic.go 834 B

123456789101112131415161718192021222324252627282930313233343536
  1. // Copyright 2020 The Gogs Authors. All rights reserved.
  2. // Use of this source code is governed by a MIT-style
  3. // license that can be found in the LICENSE file.
  4. package authutil
  5. import (
  6. "encoding/base64"
  7. "net/http"
  8. "strings"
  9. )
  10. // DecodeBasic extracts username and password from given header using HTTP Basic Auth.
  11. // It returns empty strings if values are not presented or not valid.
  12. func DecodeBasic(header http.Header) (username, password string) {
  13. if len(header) == 0 {
  14. return "", ""
  15. }
  16. fields := strings.Fields(header.Get("Authorization"))
  17. if len(fields) != 2 || fields[0] != "Basic" {
  18. return "", ""
  19. }
  20. p, err := base64.StdEncoding.DecodeString(fields[1])
  21. if err != nil {
  22. return "", ""
  23. }
  24. creds := strings.SplitN(string(p), ":", 2)
  25. if len(creds) == 1 {
  26. return creds[0], ""
  27. }
  28. return creds[0], creds[1]
  29. }