From d5a15d6756a897e4a8c8e6fd549843bb0fb9ffd9 Mon Sep 17 00:00:00 2001
From: Manuel Laufenberg
Date: Thu, 15 Sep 2016 15:24:22 +0200
Subject: [PATCH] add basic auth support implemented requested changes fix docs remove struct tag
---
 docs/toml.md | 12 ++++++++++++
 traefik.sample.toml | 11 +++++++++++
 web.go | 37 ++++++++++++++++++++++++++++++++-----
 3 files changed, 55 insertions(+), 5 deletions(-)
diff --git a/docs/toml.md b/docs/toml.md
index 2e48c4667..a77737ec9 100644
--- a/docs/toml.md
+++ b/docs/toml.md
@@ -411,6 +411,18 @@ address = ":8080"
 #
 # Optional
 # ReadOnly = false
+#
+# To enable basic auth on the webui
+# with 2 user/pass: test:test and test2:test2
+# Passwords can be encoded in MD5, SHA1 and BCrypt: you can use htpasswd to generate those ones
+# [web.auth.basic]
+# users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"]
+# To enable digest auth on the webui
+# with 2 user/realm/pass: test:traefik:test and test2:traefik:test2
+# You can use htdigest to generate those ones
+# [web.auth.basic]
+# users = ["test:traefik:a2688e031edb4be6a3797f3882655c05 ", "test2:traefik:518845800f9e2bfb1f1f740ec24f074e"]
+
 ```
 - `/`: provides a simple HTML frontend of Træfik
diff --git a/traefik.sample.toml b/traefik.sample.toml
index 388147e5a..c0f6d7186 100644
--- a/traefik.sample.toml
+++ b/traefik.sample.toml
@@ -221,6 +221,17 @@
 # Optional
 # ReadOnly = false
+# To enable basic auth on the webui
+# with 2 user/pass: test:test and test2:test2
+# Passwords can be encoded in MD5, SHA1 and BCrypt: you can use htpasswd to generate those ones
+# [web.auth.basic]
+# users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"]
+# To enable digest auth on the webui
+# with 2 user/realm/pass: test:traefik:test and test2:traefik:test2
+# You can use htdigest to generate those ones
+# [web.auth.basic]
+# users = ["test:traefik:a2688e031edb4be6a3797f3882655c05 ", "test2:traefik:518845800f9e2bfb1f1f740ec24f074e"]
+
 ################################################################
 # File configuration backend
diff --git a/web.go b/web.go
index bb0646b5e..adfc59f65 100644
--- a/web.go
+++ b/web.go
@@ -9,8 +9,10 @@ import (
 "runtime"
 log "github.com/Sirupsen/logrus"
+ "github.com/codegangsta/negroni"
 "github.com/containous/mux"
 "github.com/containous/traefik/autogen"
+ "github.com/containous/traefik/middlewares"
 "github.com/containous/traefik/safe"
 "github.com/containous/traefik/types"
 "github.com/elazarl/go-bindata-assetfs"
@@ -28,6 +30,7 @@ type WebProvider struct {
 KeyFile string `description:"SSL certificate"`
 ReadOnly bool `description:"Enable read only API"`
 server *Server
+ Auth *types.Auth
 }
 var (
@@ -47,6 +50,7 @@ func goroutines() interface{} {
 // Provide allows the provider to provide configurations to traefik
 // using the given configuration channel.
 func (provider *WebProvider) Provide(configurationChan chan<- types.ConfigMessage, pool *safe.Pool, _ []types.Constraint) error {
+
 systemRouter := mux.NewRouter()
 // health route
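Review bot: In the traefik.sample.toml hunk the digest example sits under `# [web.auth.basic]`, the same table as the basic example above it, so anyone who uncomments it feeds htdigest-format `user:realm:hash` entries to the basic authenticator; the header presumably should be `# [web.auth.digest]`, to be confirmed against `types.Auth`, which is not shown here. The first digest entry also has a trailing space inside the quoted hash (`...655c05 "`), which would likely keep that user from ever matching. Both lines are repeated verbatim in the docs/toml.md hunk. The comment lists MD5, SHA1 and BCrypt as equivalent choices; it would help to say that bcrypt (`htpasswd -B`) is the one to prefer, since unsalted SHA1 and apr1-MD5 hashes are cheap to brute-force if the config file leaks.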
@@ -103,15 +107,37 @@ func (provider *WebProvider) Provide(configurationChan chan<- types.ConfigMessag
 }
 go func() {
- if len(provider.CertFile) > 0 && len(provider.KeyFile) > 0 {
- err := http.ListenAndServeTLS(provider.Address, provider.CertFile, provider.KeyFile, systemRouter)
+
+ if provider.Auth != nil {
+ authMiddleware, err := middlewares.NewAuthenticator(provider.Auth)
 if err != nil {
- log.Fatal("Error creating server: ", err)
+ log.Fatal("Error creating Auth: ", err)
+ }
+ var negroni = negroni.New()
+ negroni.Use(authMiddleware)
+ negroni.UseHandler(systemRouter)
+
+ if len(provider.CertFile) > 0 && len(provider.KeyFile) > 0 {
+ err = http.ListenAndServeTLS(provider.Address, provider.CertFile, provider.KeyFile, negroni)
+ } else {
+ err = http.ListenAndServe(provider.Address, negroni)
+ }
+
+ if err != nil {
+ log.Fatal("Error creating server with Auth: ", err)
 }
 } else {
- err := http.ListenAndServe(provider.Address, systemRouter)
+
+ var err error
+
+ if len(provider.CertFile) > 0 && len(provider.KeyFile) > 0 {
+ err = http.ListenAndServeTLS(provider.Address, provider.CertFile, provider.KeyFile, systemRouter)
+ } else {
+ err = http.ListenAndServe(provider.Address, systemRouter)
+ }
+
 if err != nil {
- log.Fatal("Error creating server: ", err)
+ log.Fatal("Error creating server without Auth: ", err)
 }
 }
 }()
@@ -238,6 +264,7 @@ func (provider *WebProvider) getRoutesHandler(response http.ResponseWriter, requ
 }
 func (provider *WebProvider) getRouteHandler(response http.ResponseWriter, request *http.Request) {
+
 vars := mux.Vars(request)
 providerID := vars["provider"]
 frontendID := vars["frontend"]
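Review bot: In the `go func()` inside `Provide` (web.go, hunk at -103), setting `provider.Auth` without `CertFile`/`KeyFile` serves the protected API through plain `http.ListenAndServe`, so Basic credentials cross the network base64-encoded and readable on every request, and nothing in the new branch logs that. The same block writes the TLS-or-plain choice twice, and `var negroni = negroni.New()` shadows the imported `negroni` package for the rest of the closure. Building the handler once (wrapping `systemRouter` only when `Auth` is set), listening in one place, and emitting a warning when auth is configured without TLS would cover all three; the sketch below assumes the negroni instance is usable as an `http.Handler`, as the hunk already relies on. `Provide` starts above this hunk and continues after it.

```go
// … unchanged: go func() { …
var handler http.Handler = systemRouter
if provider.Auth != nil {
	authMiddleware, err := middlewares.NewAuthenticator(provider.Auth)
	if err != nil {
		log.Fatal("Error creating Auth: ", err)
	}
	n := negroni.New() // local name no longer shadows the package
	n.Use(authMiddleware)
	n.UseHandler(systemRouter)
	handler = n
}

var err error
if len(provider.CertFile) > 0 && len(provider.KeyFile) > 0 {
	err = http.ListenAndServeTLS(provider.Address, provider.CertFile, provider.KeyFile, handler)
} else {
	if provider.Auth != nil {
		log.Warn("web auth is enabled without TLS; credentials are sent unencrypted")
	}
	err = http.ListenAndServe(provider.Address, handler)
}
if err != nil {
	log.Fatal("Error creating server: ", err)
}
// … unchanged: end of goroutine …
```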