国产av日韩一区二区三区精品,成人性爱视频在线观看,国产,欧美,日韩,一区,www.成色av久久成人,2222eeee成人天堂

Home Backend Development Golang Basic Authentication Middleware for Iris

Basic Authentication Middleware for Iris

Nov 01, 2024 pm 06:40 PM

Basic Authentication Middleware for Iris

Overview

The Basic Authentication middleware provides a robust and flexible way to secure your Iris web applications. It supports various user storage methods, including in-memory lists, files, and databases, and offers advanced features such as password encryption, custom error handling, and session expiration.

Installation

To use the basicauth middleware, you need to import it in your Iris application:

import "github.com/kataras/iris/v12/middleware/basicauth"

Features

Authentication Function

The core of the middleware is the Allow field, which is a function with the following signature:

func(ctx iris.Context, username, password string) (any, bool)

This function is responsible for validating the username and password. It returns a user object (or any other type) and a boolean indicating whether the authentication was successful.

User Structure (Helper)

While the middleware does not require a specific user structure, you can use a helper structure to manage user data more conveniently. Here is an example of a user structure:

type User struct {
    Username string   `json:"username"`
    Password string   `json:"password"`
    Roles    []string `json:"roles"`
}

In-Memory User Storage

You can store users in memory using a slice of user structures. This is useful for small applications or testing purposes.

var users = []User{
    {"admin", "admin", []string{"admin"}},
    {"kataras", "kataras_pass", []string{"manager", "author"}},
    {"george", "george_pass", []string{"member"}},
    {"john", "john_pass", []string{}},
}

Basic Setup

To set up the middleware, create an instance of basicauth.Options and pass it to basicauth.New.

opts := basicauth.Options{
    Realm: basicauth.DefaultRealm,
    MaxAge: 10 * time.Minute,
    GC: basicauth.GC{
        Every: 2 * time.Hour,
    },
    Allow: basicauth.AllowUsers(users),
}

auth := basicauth.New(opts)

Using a File for User Storage

You can load users from a file (JSON or YAML). This is useful for applications where user data changes frequently.

auth := basicauth.Load("users.yml")

BCRYPT Option

The BCRYPT option allows you to use bcrypt for password hashing. Bcrypt is a password hashing function designed to be computationally intensive to resist brute-force attacks. It is widely used for securely storing passwords.

auth := basicauth.Load("users.yml", basicauth.BCRYPT)

You can also use the BCRYPT option with other user fetching methods, such as in-memory or database storage.

Using a Database for User Storage

For more dynamic user management, you can validate users against a database. Here is an example of how to set up the middleware using a MySQL database:

package main

import (
    "context"
    "database/sql"
    "fmt"
    "os"

    "github.com/kataras/iris/v12"
    "github.com/kataras/iris/v12/middleware/basicauth"

    _ "github.com/go-sql-driver/mysql"
)

type User struct {
    ID       int64  `db:"id" json:"id"`
    Username string `db:"username" json:"username"`
    Password string `db:"password" json:"password"`
    Email    string `db:"email" json:"email"`
}

func (u User) GetUsername() string {
    return u.Username
}

func (u User) GetPassword() string {
    return u.Password
}

func main() {
    dsn := fmt.Sprintf("%s:%s@tcp(%s:3306)/%s?parseTime=true&charset=utf8mb4&collation=utf8mb4_unicode_ci",
        getenv("MYSQL_USER", "user_myapp"),
        getenv("MYSQL_PASSWORD", "dbpassword"),


    get

env("MYSQL_HOST", "localhost"),
        getenv("MYSQL_DATABASE", "myapp"),
    )
    db, err := connect(dsn)
    if err != nil {
        panic(err)
    }

    // Validate a user from database.
    allowFunc := func(ctx iris.Context, username, password string) (any, bool) {
        user, err := db.getUserByUsernameAndPassword(context.Background(), username, password)
        return user, err == nil
    }

    opts := basicauth.Options{
        Realm:        basicauth.DefaultRealm,
        ErrorHandler: basicauth.DefaultErrorHandler,
        Allow:        allowFunc,
    }

    auth := basicauth.New(opts)

    app := iris.New()
    app.Use(auth)
    app.Get("/", index)
    app.Listen(":8080")
}

func index(ctx iris.Context) {
    user, _ := ctx.User().GetRaw()
    // user is a type of main.User
    ctx.JSON(user)
}

Custom Error Handling

You can customize the error handling behavior by setting the ErrorHandler field in the basicauth.Options.

opts := basicauth.Options{
    ErrorHandler: func(ctx iris.Context, err error) {
        ctx.StatusCode(iris.StatusUnauthorized)
        ctx.JSON(iris.Map{"error": "Unauthorized"})
    },
}

Session Expiration

The middleware supports session expiration. You can set the MaxAge field to specify the duration after which the user must re-authenticate.

opts := basicauth.Options{
    MaxAge: 10 * time.Minute,
}

Garbage Collection

To clear expired users from memory, you can set the GC field.

import "github.com/kataras/iris/v12/middleware/basicauth"

Testing Handlers with BasicAuth Middleware

To test handlers that use the BasicAuth middleware, you can use the

httptest

package provided by Iris. Here is an example of how to test a handler:

func(ctx iris.Context, username, password string) (any, bool)

Example

Here is a complete example that demonstrates how to set up the middleware with in-memory user storage:

type User struct {
    Username string   `json:"username"`
    Password string   `json:"password"`
    Roles    []string `json:"roles"`
}

Conclusion

The Basic Authentication middleware provides a comprehensive solution for securing your Iris web applications. With support for various user storage methods, advanced features like password encryption and custom error handling, and easy integration, it is a powerful tool for developers.

The above is the detailed content of Basic Authentication Middleware for Iris. For more information, please follow other related articles on the PHP Chinese website!

Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undress AI Tool

Undress AI Tool

Undress images for free

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Clothoff.io

Clothoff.io

AI clothes remover

Video Face Swap

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Tools

Notepad++7.3.1

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

SublimeText3 Mac version

God-level code editing software (SublimeText3)

What are the implications of Go's static linking by default? What are the implications of Go's static linking by default? Jun 19, 2025 am 01:08 AM

Go compiles the program into a standalone binary by default, the main reason is static linking. 1. Simpler deployment: no additional installation of dependency libraries, can be run directly across Linux distributions; 2. Larger binary size: Including all dependencies causes file size to increase, but can be optimized through building flags or compression tools; 3. Higher predictability and security: avoid risks brought about by changes in external library versions and enhance stability; 4. Limited operation flexibility: cannot hot update of shared libraries, and recompile and deployment are required to fix dependency vulnerabilities. These features make Go suitable for CLI tools, microservices and other scenarios, but trade-offs are needed in environments where storage is restricted or relies on centralized management.

How does Go ensure memory safety without manual memory management like in C? How does Go ensure memory safety without manual memory management like in C? Jun 19, 2025 am 01:11 AM

Goensuresmemorysafetywithoutmanualmanagementthroughautomaticgarbagecollection,nopointerarithmetic,safeconcurrency,andruntimechecks.First,Go’sgarbagecollectorautomaticallyreclaimsunusedmemory,preventingleaksanddanglingpointers.Second,itdisallowspointe

How do I create a buffered channel in Go? (e.g., make(chan int, 10)) How do I create a buffered channel in Go? (e.g., make(chan int, 10)) Jun 20, 2025 am 01:07 AM

To create a buffer channel in Go, just specify the capacity parameters in the make function. The buffer channel allows the sending operation to temporarily store data when there is no receiver, as long as the specified capacity is not exceeded. For example, ch:=make(chanint,10) creates a buffer channel that can store up to 10 integer values; unlike unbuffered channels, data will not be blocked immediately when sending, but the data will be temporarily stored in the buffer until it is taken away by the receiver; when using it, please note: 1. The capacity setting should be reasonable to avoid memory waste or frequent blocking; 2. The buffer needs to prevent memory problems from being accumulated indefinitely in the buffer; 3. The signal can be passed by the chanstruct{} type to save resources; common scenarios include controlling the number of concurrency, producer-consumer models and differentiation

How can you use Go for system programming tasks? How can you use Go for system programming tasks? Jun 19, 2025 am 01:10 AM

Go is ideal for system programming because it combines the performance of compiled languages ??such as C with the ease of use and security of modern languages. 1. In terms of file and directory operations, Go's os package supports creation, deletion, renaming and checking whether files and directories exist. Use os.ReadFile to read the entire file in one line of code, which is suitable for writing backup scripts or log processing tools; 2. In terms of process management, the exec.Command function of the os/exec package can execute external commands, capture output, set environment variables, redirect input and output flows, and control process life cycles, which are suitable for automation tools and deployment scripts; 3. In terms of network and concurrency, the net package supports TCP/UDP programming, DNS query and original sets.

How do I call a method on a struct instance in Go? How do I call a method on a struct instance in Go? Jun 24, 2025 pm 03:17 PM

In Go language, calling a structure method requires first defining the structure and the method that binds the receiver, and accessing it using a point number. After defining the structure Rectangle, the method can be declared through the value receiver or the pointer receiver; 1. Use the value receiver such as func(rRectangle)Area()int and directly call it through rect.Area(); 2. If you need to modify the structure, use the pointer receiver such as func(r*Rectangle)SetWidth(...), and Go will automatically handle the conversion of pointers and values; 3. When embedding the structure, the method of embedded structure will be improved, and it can be called directly through the outer structure; 4. Go does not need to force use getter/setter,

What are interfaces in Go, and how do I define them? What are interfaces in Go, and how do I define them? Jun 22, 2025 pm 03:41 PM

In Go, an interface is a type that defines behavior without specifying implementation. An interface consists of method signatures, and any type that implements these methods automatically satisfy the interface. For example, if you define a Speaker interface that contains the Speak() method, all types that implement the method can be considered Speaker. Interfaces are suitable for writing common functions, abstract implementation details, and using mock objects in testing. Defining an interface uses the interface keyword and lists method signatures, without explicitly declaring the type to implement the interface. Common use cases include logs, formatting, abstractions of different databases or services, and notification systems. For example, both Dog and Robot types can implement Speak methods and pass them to the same Anno

How do I use string functions from the strings package in Go? (e.g., len(), strings.Contains(), strings.Index(), strings.ReplaceAll()) How do I use string functions from the strings package in Go? (e.g., len(), strings.Contains(), strings.Index(), strings.ReplaceAll()) Jun 20, 2025 am 01:06 AM

In Go language, string operations are mainly implemented through strings package and built-in functions. 1.strings.Contains() is used to determine whether a string contains a substring and returns a Boolean value; 2.strings.Index() can find the location where the substring appears for the first time, and if it does not exist, it returns -1; 3.strings.ReplaceAll() can replace all matching substrings, and can also control the number of replacements through strings.Replace(); 4.len() function is used to obtain the length of the bytes of the string, but when processing Unicode, you need to pay attention to the difference between characters and bytes. These functions are often used in scenarios such as data filtering, text parsing, and string processing.

How do I use the io package to work with input and output streams in Go? How do I use the io package to work with input and output streams in Go? Jun 20, 2025 am 11:25 AM

TheGoiopackageprovidesinterfaceslikeReaderandWritertohandleI/Ooperationsuniformlyacrosssources.1.io.Reader'sReadmethodenablesreadingfromvarioussourcessuchasfilesorHTTPresponses.2.io.Writer'sWritemethodfacilitateswritingtodestinationslikestandardoutpu

See all articles