gatus/security/basic.go

package security

import "log"

// BasicConfig is the configuration for Basic authentication
type BasicConfig struct {
	// Username is the name which will need to be used for a successful authentication
	Username string `yaml:"username"`

	// PasswordSha512Hash is the SHA512 hash of the password which will need to be used for a successful authentication
	// XXX: Remove this on v4.0.0
	// Deprecated: Use PasswordBcryptHashBase64Encoded instead
	PasswordSha512Hash string `yaml:"password-sha512"`

	// PasswordBcryptHashBase64Encoded is the base64 encoded string of the Bcrypt hash of the password to use to
	// authenticate using basic auth.
	PasswordBcryptHashBase64Encoded string `yaml:"password-bcrypt-base64"`
}

// isValid returns whether the basic security configuration is valid or not
func (c *BasicConfig) isValid() bool {
	if len(c.PasswordSha512Hash) > 0 {
		log.Println("WARNING: security.basic.password-sha512 has been deprecated in favor of security.basic.password-bcrypt-base64")
	}
	return len(c.Username) > 0 && (len(c.PasswordSha512Hash) == 128 || len(c.PasswordBcryptHashBase64Encoded) > 0)
}
#205: Work on supporting OpenID Connect for auth 2021-12-31 06:10:54 +01:00			`package security`

feat(security): Implement Bcrypt for basic auth and deprecate SHA512 I've re-written the code for this several times before but always ended up not going through with it because a hashed Bcrypt string has dollar signs in it, which caused issues with the config due to environment variable support. I finally decided to go through with it by forcing users to base64 encode the bcrypt hash 2022-01-09 01:26:37 +01:00			`import "log"`

#205: Work on supporting OpenID Connect for auth 2021-12-31 06:10:54 +01:00			`// BasicConfig is the configuration for Basic authentication`
			`type BasicConfig struct {`
			`// Username is the name which will need to be used for a successful authentication`
			Username string `yaml:"username"`

			`// PasswordSha512Hash is the SHA512 hash of the password which will need to be used for a successful authentication`
feat(security): Implement Bcrypt for basic auth and deprecate SHA512 I've re-written the code for this several times before but always ended up not going through with it because a hashed Bcrypt string has dollar signs in it, which caused issues with the config due to environment variable support. I finally decided to go through with it by forcing users to base64 encode the bcrypt hash 2022-01-09 01:26:37 +01:00			`// XXX: Remove this on v4.0.0`
			`// Deprecated: Use PasswordBcryptHashBase64Encoded instead`
#205: Work on supporting OpenID Connect for auth 2021-12-31 06:10:54 +01:00			PasswordSha512Hash string `yaml:"password-sha512"`
feat(security): Implement Bcrypt for basic auth and deprecate SHA512 I've re-written the code for this several times before but always ended up not going through with it because a hashed Bcrypt string has dollar signs in it, which caused issues with the config due to environment variable support. I finally decided to go through with it by forcing users to base64 encode the bcrypt hash 2022-01-09 01:26:37 +01:00
			`// PasswordBcryptHashBase64Encoded is the base64 encoded string of the Bcrypt hash of the password to use to`
			`// authenticate using basic auth.`
			PasswordBcryptHashBase64Encoded string `yaml:"password-bcrypt-base64"`
#205: Work on supporting OpenID Connect for auth 2021-12-31 06:10:54 +01:00			`}`

			`// isValid returns whether the basic security configuration is valid or not`
			`func (c *BasicConfig) isValid() bool {`
feat(security): Implement Bcrypt for basic auth and deprecate SHA512 I've re-written the code for this several times before but always ended up not going through with it because a hashed Bcrypt string has dollar signs in it, which caused issues with the config due to environment variable support. I finally decided to go through with it by forcing users to base64 encode the bcrypt hash 2022-01-09 01:26:37 +01:00			`if len(c.PasswordSha512Hash) > 0 {`
			`log.Println("WARNING: security.basic.password-sha512 has been deprecated in favor of security.basic.password-bcrypt-base64")`
			`}`
			`return len(c.Username) > 0 && (len(c.PasswordSha512Hash) == 128 \|\| len(c.PasswordBcryptHashBase64Encoded) > 0)`
#205: Work on supporting OpenID Connect for auth 2021-12-31 06:10:54 +01:00			`}`