Diffstat (limited to 'src/filters/auth/basic.rs')
-rw-r--r--src/filters/auth/basic.rs68
1 files changed, 68 insertions, 0 deletions
diff --git a/src/filters/auth/basic.rs b/src/filters/auth/basic.rs
new file mode 100644
index 0000000..a7a74c8
--- /dev/null
+++ b/src/filters/auth/basic.rs
@@ -0,0 +1,68 @@
+use crate::{
+ config::DynNode,
+ error::ServiceError,
+ filters::{Node, NodeContext, NodeKind, NodeRequest, NodeResponse},
+};
+use base64::Engine;
+use futures::Future;
+use http_body_util::{combinators::BoxBody, BodyExt};
+use hyper::{
+ header::{HeaderValue, AUTHORIZATION, WWW_AUTHENTICATE},
+ Response, StatusCode,
+};
+use log::debug;
+use serde::Deserialize;
+use serde_yaml::Value;
+use std::{collections::HashSet, pin::Pin, sync::Arc};
+
+pub struct HttpBasicAuthKind;
+impl NodeKind for HttpBasicAuthKind {
+ fn name(&self) -> &'static str {
+ "http_basic_auth"
+ }
+ fn instanciate(&self, config: Value) -> anyhow::Result<Arc<dyn Node>> {
+ Ok(Arc::new(serde_yaml::from_value::<HttpBasicAuth>(config)?))
+ }
+}
+
+#[derive(Deserialize)]
+pub struct HttpBasicAuth {
+ realm: String,
+ valid: HashSet<String>,
+ next: DynNode,
+}
+
+impl Node for HttpBasicAuth {
+ fn handle<'a>(
+ &'a self,
+ context: &'a mut NodeContext,
+ request: NodeRequest,
+ ) -> Pin<Box<dyn Future<Output = Result<NodeResponse, ServiceError>> + Send + Sync + 'a>> {
+ Box::pin(async move {
+ if let Some(auth) = request.headers().get(AUTHORIZATION) {
+ let k = auth
+ .as_bytes()
+ .strip_prefix(b"Basic ")
+ .ok_or(ServiceError::BadAuth)?;
+ let k = base64::engine::general_purpose::STANDARD.decode(k)?;
+ let k = String::from_utf8(k)?;
+ if self.valid.contains(&k) {
+ debug!("valid auth");
+ return self.next.handle(context, request).await;
+ } else {
+ debug!("invalid auth");
+ }
+ }
+ debug!("unauthorized; sending auth challenge");
+ let mut r = Response::new(BoxBody::<_, ServiceError>::new(
+ String::new().map_err(|_| unreachable!()),
+ ));
+ *r.status_mut() = StatusCode::UNAUTHORIZED;
+ r.headers_mut().insert(
+ WWW_AUTHENTICATE,
+ HeaderValue::from_str(&format!("Basic realm=\"{}\"", self.realm)).unwrap(),
+ );
+ Ok(r)
+ })
+ }
+}
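Review bot: A malformed `Authorization` header leaves `handle` early through the three `?` operators (`.ok_or(ServiceError::BadAuth)?`, `decode(k)?`, `String::from_utf8(k)?`) instead of reaching the 401 challenge. A client sending another scheme, bad base64 or non-UTF-8 bytes therefore gets whatever `ServiceError` is rendered as, which is not visible in this file. Treating every parse failure as a failed login, as sketched below, keeps the response uniform, so request bytes cannot select an error path. Separately, `HeaderValue::from_str(...).unwrap()` will panic on every unauthenticated request if the configured `realm` contains a control or non-ASCII character. Building the header value once in `instanciate` and returning the error there would surface a bad realm at load time.

```rust
Box::pin(async move {
    // Any failure to parse the header counts as "no valid credentials"
    // and falls through to the challenge below.
    let authorized = request
        .headers()
        .get(AUTHORIZATION)
        .and_then(|v| v.as_bytes().strip_prefix(b"Basic "))
        .and_then(|b| base64::engine::general_purpose::STANDARD.decode(b).ok())
        .and_then(|b| String::from_utf8(b).ok())
        .is_some_and(|k| self.valid.contains(&k));
    if authorized {
        debug!("valid auth");
        return self.next.handle(context, request).await;
    }
    debug!("invalid auth");
    // … unchanged: "unauthorized" debug log and 401 challenge response …
```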