From 221a8a9c5de7a466fc0851dd76522c57d7637b16 Mon Sep 17 00:00:00 2001 From: Nick Craig-Wood Date: Wed, 14 Feb 2018 21:06:34 +0000 Subject: [PATCH] serve http/webdav: add --htpasswd option for authentication #1802 --- cmd/serve/httplib/httplib.go | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/cmd/serve/httplib/httplib.go b/cmd/serve/httplib/httplib.go index ea84b8eb9..0b8ba0df8 100644 --- a/cmd/serve/httplib/httplib.go +++ b/cmd/serve/httplib/httplib.go @@ -6,17 +6,21 @@ import ( "log" "net/http" + auth "github.com/abbot/go-http-auth" + "github.com/ncw/rclone/fs" "github.com/spf13/pflag" ) // Globals var ( - bindAddress = "localhost:8080" + bindAddress = "localhost:8080" + htPasswdFile string ) // AddFlags adds the http server specific flags func AddFlags(flagSet *pflag.FlagSet) { flagSet.StringVarP(&bindAddress, "addr", "", bindAddress, "IPaddress:Port to bind server to.") + flagSet.StringVarP(&htPasswdFile, "htpasswd", "", htPasswdFile, "File to use for htpasswd authentication.") } // Help contains text describing the http server to add to the command @@ -27,6 +31,16 @@ var Help = ` Use --addr to specify which IP address and port the server should listen on, eg --addr 1.2.3.4:8000 or --addr :8080 to listen to all IPs. By default it only listens on localhost. + +Use --htpasswd /path/to/htpasswd to provide an htpasswd file. This is +in standard apache format and supports MD5, SHA1 and BCrypt for basic +authentication. Bcrypt is recommended. + +To create an htpasswd file: + + touch htpasswd + htpasswd -B htpasswd user + htpasswd -B htpasswd anotherUser ` // Server contains info about the running http server @@ -37,6 +51,14 @@ type Server struct { // NewServer creates an http server func NewServer(handler http.Handler) *Server { + // Use htpasswd if required on everything + if htPasswdFile != "" { + fs.Infof(nil, "Using %q as htpasswd storage", htPasswdFile) + secretProvider := auth.HtpasswdFileProvider(htPasswdFile) + authenticator := auth.NewBasicAuthenticator("rclone", secretProvider) + handler = auth.JustCheck(authenticator, handler.ServeHTTP) + } + s := &Server{ bindAddress: bindAddress, }