Merge pull request #677 from SantoDE/master

Add basic auth support for web backend
2016-09-19 16:48:05 +02:00 · 2016-09-19 16:48:05 +02:00 · 710fc56c6a
parent b376da1829 d5a15d6756
commit 710fc56c6a
3 changed files with 55 additions and 5 deletions
--- a/docs/toml.md
+++ b/docs/toml.md
@ -411,6 +411,18 @@ address = ":8080"
 #
 # Optional
 # ReadOnly = false
+#
+# To enable basic auth on the webui
+# with 2 user/pass: test:test and test2:test2
+# Passwords can be encoded in MD5, SHA1 and BCrypt: you can use htpasswd to generate those ones
+#   [web.auth.basic] 
+#     users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"]
+# To enable digest auth on the webui
+# with 2 user/realm/pass: test:traefik:test and test2:traefik:test2
+# You can use htdigest to generate those ones
+#   [web.auth.basic] 
+#     users = ["test:traefik:a2688e031edb4be6a3797f3882655c05 ", "test2:traefik:518845800f9e2bfb1f1f740ec24f074e"]
+
 ```

 - `/`: provides a simple HTML frontend of Træfik
--- a/traefik.sample.toml
+++ b/traefik.sample.toml
@ -221,6 +221,17 @@
 # Optional
 # ReadOnly = false

+# To enable basic auth on the webui
+# with 2 user/pass: test:test and test2:test2
+# Passwords can be encoded in MD5, SHA1 and BCrypt: you can use htpasswd to generate those ones
+#   [web.auth.basic] 
+#     users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"]
+# To enable digest auth on the webui
+# with 2 user/realm/pass: test:traefik:test and test2:traefik:test2
+# You can use htdigest to generate those ones
+#   [web.auth.basic] 
+#     users = ["test:traefik:a2688e031edb4be6a3797f3882655c05 ", "test2:traefik:518845800f9e2bfb1f1f740ec24f074e"]
+

 ################################################################
 # File configuration backend
--- a/web.go
+++ b/web.go
@ -9,8 +9,10 @@ import (
 	"runtime"

 	log "github.com/Sirupsen/logrus"
+	"github.com/codegangsta/negroni"
 	"github.com/containous/mux"
 	"github.com/containous/traefik/autogen"
+	"github.com/containous/traefik/middlewares"
 	"github.com/containous/traefik/safe"
 	"github.com/containous/traefik/types"
 	"github.com/elazarl/go-bindata-assetfs"
@ -28,6 +30,7 @@ type WebProvider struct {
 	KeyFile  string `description:"SSL certificate"`
 	ReadOnly bool   `description:"Enable read only API"`
 	server   *Server
+	Auth     *types.Auth
 }

 var (
@ -47,6 +50,7 @@ func goroutines() interface{} {
 // Provide allows the provider to provide configurations to traefik
 // using the given configuration channel.
 func (provider *WebProvider) Provide(configurationChan chan<- types.ConfigMessage, pool *safe.Pool, _ []types.Constraint) error {
+
 	systemRouter := mux.NewRouter()

 	// health route
@ -103,15 +107,37 @@ func (provider *WebProvider) Provide(configurationChan chan<- types.ConfigMessag
 	}

 	go func() {
-		if len(provider.CertFile) > 0 && len(provider.KeyFile) > 0 {
-			err := http.ListenAndServeTLS(provider.Address, provider.CertFile, provider.KeyFile, systemRouter)
+
+		if provider.Auth != nil {
+			authMiddleware, err := middlewares.NewAuthenticator(provider.Auth)
 			if err != nil {
-				log.Fatal("Error creating server: ", err)
+				log.Fatal("Error creating Auth: ", err)
+			}
+			var negroni = negroni.New()
+			negroni.Use(authMiddleware)
+			negroni.UseHandler(systemRouter)
+
+			if len(provider.CertFile) > 0 && len(provider.KeyFile) > 0 {
+				err = http.ListenAndServeTLS(provider.Address, provider.CertFile, provider.KeyFile, negroni)
+			} else {
+				err = http.ListenAndServe(provider.Address, negroni)
+			}
+
+			if err != nil {
+				log.Fatal("Error creating server with Auth: ", err)
 			}
 		} else {
-			err := http.ListenAndServe(provider.Address, systemRouter)
+
+			var err error
+
+			if len(provider.CertFile) > 0 && len(provider.KeyFile) > 0 {
+				err = http.ListenAndServeTLS(provider.Address, provider.CertFile, provider.KeyFile, systemRouter)
+			} else {
+				err = http.ListenAndServe(provider.Address, systemRouter)
+			}
+
 			if err != nil {
-				log.Fatal("Error creating server: ", err)
+				log.Fatal("Error creating server without Auth: ", err)
 			}
 		}
 	}()
@ -238,6 +264,7 @@ func (provider *WebProvider) getRoutesHandler(response http.ResponseWriter, requ
 }

 func (provider *WebProvider) getRouteHandler(response http.ResponseWriter, request *http.Request) {
+
 	vars := mux.Vars(request)
 	providerID := vars["provider"]
 	frontendID := vars["frontend"]