Loading documentation...
Loading documentation...
Loading documentation...
Provides HTTP Basic Authentication. Uses constant-time comparison to prevent timing attacks.
// Single user
s.Use(middleware.BasicAuth("admin", "secret"))
// Multiple users
s.Use(middleware.BasicAuthUsers(map[string]string{
"admin": "secret",
"user": "password",
}))s.Use(middleware.BasicAuthWithConfig(middleware.BasicAuthConfig{
Validator: func(username, password string) bool {
// Validate against database
return validateUser(username, password)
},
Realm: "Restricted Area",
SkipFunc: func(r *http.Request) bool {
// Skip auth for public endpoints
return r.URL.Path == "/public"
},
}))s.Use(middleware.BasicAuth("admin", "secret"))s.Use(middleware.BasicAuthUsers(map[string]string{
"admin": "admin-secret",
"user": "user-password",
"readonly": "readonly-pass",
}))Validate against a database or external service:
s.Use(middleware.BasicAuthWithConfig(middleware.BasicAuthConfig{
Validator: func(username, password string) bool {
user, err := userService.GetByUsername(username)
if err != nil {
return false
}
return userService.ValidatePassword(user, password)
},
Realm: "My Application",
}))Skip authentication for public endpoints:
s.Use(middleware.BasicAuthWithConfig(middleware.BasicAuthConfig{
Validator: validateUser,
Realm: "Restricted",
SkipFunc: func(r *http.Request) bool {
// Public endpoints
publicPaths := []string{"/", "/health", "/public"}
for _, path := range publicPaths {
if r.URL.Path == path {
return true
}
}
return false
},
}))The realm is displayed in the browser's authentication dialog:
s.Use(middleware.BasicAuthWithConfig(middleware.BasicAuthConfig{
Validator: validateUser,
Realm: "Admin Area - Please Login",
}))subtle.ConstantTimeCompares := helix.New()
// Protect admin routes
admin := s.Group("/admin", middleware.BasicAuth("admin", "secret"))
admin.GET("/users", listUsers)
admin.POST("/users", createUser)
// Protect API with custom validator
api := s.Group("/api", middleware.BasicAuthWithConfig(middleware.BasicAuthConfig{
Validator: func(username, password string) bool {
return validateAPIKey(username, password)
},
Realm: "API Access",
}))Provides HTTP Basic Authentication. Uses constant-time comparison to prevent timing attacks.
// Single user
s.Use(middleware.BasicAuth("admin", "secret"))
// Multiple users
s.Use(middleware.BasicAuthUsers(map[string]string{
"admin": "secret",
"user": "password",
}))s.Use(middleware.BasicAuthWithConfig(middleware.BasicAuthConfig{
Validator: func(username, password string) bool {
// Validate against database
return validateUser(username, password)
},
Realm: "Restricted Area",
SkipFunc: func(r *http.Request) bool {
// Skip auth for public endpoints
return r.URL.Path == "/public"
},
}))s.Use(middleware.BasicAuth("admin", "secret"))s.Use(middleware.BasicAuthUsers(map[string]string{
"admin": "admin-secret",
"user": "user-password",
"readonly": "readonly-pass",
}))Validate against a database or external service:
s.Use(middleware.BasicAuthWithConfig(middleware.BasicAuthConfig{
Validator: func(username, password string) bool {
user, err := userService.GetByUsername(username)
if err != nil {
return false
}
return userService.ValidatePassword(user, password)
},
Realm: "My Application",
}))Skip authentication for public endpoints:
s.Use(middleware.BasicAuthWithConfig(middleware.BasicAuthConfig{
Validator: validateUser,
Realm: "Restricted",
SkipFunc: func(r *http.Request) bool {
// Public endpoints
publicPaths := []string{"/", "/health", "/public"}
for _, path := range publicPaths {
if r.URL.Path == path {
return true
}
}
return false
},
}))The realm is displayed in the browser's authentication dialog:
s.Use(middleware.BasicAuthWithConfig(middleware.BasicAuthConfig{
Validator: validateUser,
Realm: "Admin Area - Please Login",
}))subtle.ConstantTimeCompares := helix.New()
// Protect admin routes
admin := s.Group("/admin", middleware.BasicAuth("admin", "secret"))
admin.GET("/users", listUsers)
admin.POST("/users", createUser)
// Protect API with custom validator
api := s.Group("/api", middleware.BasicAuthWithConfig(middleware.BasicAuthConfig{
Validator: func(username, password string) bool {
return validateAPIKey(username, password)
},
Realm: "API Access",
}))// Single user
s.Use(middleware.BasicAuth("admin", "secret"))
// Multiple users
s.Use(middleware.BasicAuthUsers(map[string]string{
"admin": "secret",
"user": "password",
}))s.Use(middleware.BasicAuthWithConfig(middleware.BasicAuthConfig{
Validator: func(username, password string) bool {
// Validate against database
return validateUser(username, password)
},
Realm: "Restricted Area",
SkipFunc: func(r *http.Request) bool {
// Skip auth for public endpoints
return r.URL.Path == "/public"
},
}))s.Use(middleware.BasicAuth("admin", "secret"))s.Use(middleware.BasicAuthUsers(map[string]string{
"admin": "admin-secret",
"user": "user-password",
"readonly": "readonly-pass",
}))s.Use(middleware.BasicAuthWithConfig(middleware.BasicAuthConfig{
Validator: func(username, password string) bool {
user, err := userService.GetByUsername(username)
if err != nil {
return false
}
return userService.ValidatePassword(user, password)
},
Realm: "My Application",
}))s.Use(middleware.BasicAuthWithConfig(middleware.BasicAuthConfig{
Validator: validateUser,
Realm: "Restricted",
SkipFunc: func(r *http.Request) bool {
// Public endpoints
publicPaths := []string{"/", "/health", "/public"}
for _, path := range publicPaths {
if r.URL.Path == path {
return true
}
}
return false
},
}))s.Use(middleware.BasicAuthWithConfig(middleware.BasicAuthConfig{
Validator: validateUser,
Realm: "Admin Area - Please Login",
}))s := helix.New()
// Protect admin routes
admin := s.Group("/admin", middleware.BasicAuth("admin", "secret"))
admin.GET("/users", listUsers)
admin.POST("/users", createUser)
// Protect API with custom validator
api := s.Group("/api", middleware.BasicAuthWithConfig(middleware.BasicAuthConfig{
Validator: func(username, password string) bool {
return validateAPIKey(username, password)
},
Realm: "API Access",
}))// Single user
s.Use(middleware.BasicAuth("admin", "secret"))
// Multiple users
s.Use(middleware.BasicAuthUsers(map[string]string{
"admin": "secret",
"user": "password",
}))s.Use(middleware.BasicAuthWithConfig(middleware.BasicAuthConfig{
Validator: func(username, password string) bool {
// Validate against database
return validateUser(username, password)
},
Realm: "Restricted Area",
SkipFunc: func(r *http.Request) bool {
// Skip auth for public endpoints
return r.URL.Path == "/public"
},
}))s.Use(middleware.BasicAuth("admin", "secret"))s.Use(middleware.BasicAuthUsers(map[string]string{
"admin": "admin-secret",
"user": "user-password",
"readonly": "readonly-pass",
}))s.Use(middleware.BasicAuthWithConfig(middleware.BasicAuthConfig{
Validator: func(username, password string) bool {
user, err := userService.GetByUsername(username)
if err != nil {
return false
}
return userService.ValidatePassword(user, password)
},
Realm: "My Application",
}))s.Use(middleware.BasicAuthWithConfig(middleware.BasicAuthConfig{
Validator: validateUser,
Realm: "Restricted",
SkipFunc: func(r *http.Request) bool {
// Public endpoints
publicPaths := []string{"/", "/health", "/public"}
for _, path := range publicPaths {
if r.URL.Path == path {
return true
}
}
return false
},
}))s.Use(middleware.BasicAuthWithConfig(middleware.BasicAuthConfig{
Validator: validateUser,
Realm: "Admin Area - Please Login",
}))s := helix.New()
// Protect admin routes
admin := s.Group("/admin", middleware.BasicAuth("admin", "secret"))
admin.GET("/users", listUsers)
admin.POST("/users", createUser)
// Protect API with custom validator
api := s.Group("/api", middleware.BasicAuthWithConfig(middleware.BasicAuthConfig{
Validator: func(username, password string) bool {
return validateAPIKey(username, password)
},
Realm: "API Access",
}))