basic-auth 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 6f2d54c20566ea9d553b98485770f9802e322d2cb3573b664a0a2067c8eee538
+  data.tar.gz: c3d73ba6e0b115306a4c81b0c81ce06e0f2ad971343ff03b743db2484ca05b4d
+SHA512:
+  metadata.gz: 7c4b2fd4f1caf23feb11523e8e55fcc71be1ee1f15ef03e5e44ac0f135e72609e82b63db96d55d5d5b0e47e06859377f6aab9d8581af92709e0f7bd7cd4db247
+  data.tar.gz: 180217ef64107865710dca4903d42b9ef97cb529afeefac3817a784f24e18e18ccb93587f24d9809d1e700997e10288597506a2869887cfe35848c9f946eb60e

data/.gitignore

@@ -0,0 +1,11 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+
+# rspec failure tracking
+.rspec_status

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/Gemfile

@@ -0,0 +1,4 @@
+source "https://rubygems.org"
+
+# Specify your gem's dependencies in basic_auth.gemspec
+gemspec

data/Gemfile.lock

@@ -0,0 +1,37 @@
+PATH
+  remote: .
+  specs:
+    basic-auth (0.1.0)
+      rack
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    diff-lcs (1.3)
+    rack (2.1.1)
+    rake (10.5.0)
+    rspec (3.9.0)
+      rspec-core (~> 3.9.0)
+      rspec-expectations (~> 3.9.0)
+      rspec-mocks (~> 3.9.0)
+    rspec-core (3.9.1)
+      rspec-support (~> 3.9.1)
+    rspec-expectations (3.9.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.9.0)
+    rspec-mocks (3.9.1)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.9.0)
+    rspec-support (3.9.2)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  basic-auth!
+  bundler (~> 2.0)
+  rake (~> 10.0)
+  rspec (~> 3.0)
+
+BUNDLED WITH
+   2.1.2

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2020 Tung Nguyen
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,83 @@
+# basic-auth Middleware
+
+[![Gem Version](https://badge.fury.io/rb/basic-auth.png)](http://badge.fury.io/rb/basic-auth)
+
+[![BoltOps Badge](https://img.boltops.com/boltops/badges/boltops-badge.png)](https://www.boltops.com)
+
+Basic Auth Rack Middleware that supports htpasswd files.  It works with Rack compatible frameworks like [Jets](https://rubyonjets.com/), [Rails](https://rubyonrails.org/), [Sinatra](http://sinatrarb.com/), etc.
+
+## Sinatra Example
+
+```ruby
+require 'sinatra'
+require 'basic-auth'
+
+use BasicAuth::Middleware
+
+get '/' do
+  "42\n"
+end
+```
+
+## Jets Example
+
+config/application.rb:
+
+```ruby
+Jets.application.configure do
+  config.middleware.use(BasicAuth::Middleware)
+end
+```
+
+## Customizations
+
+Option | Description
+--- | ---
+passwordfile | Path to the htpasswd file. Default: `config/htpasswd`
+protect | Url patterns to protect. The default behavior is to protect all urls. Default: nil (results in protecting all).
+
+Example:
+
+```ruby
+use BasicAuth::Middleware, passwordfile: "config/pass.txt", protect: %r{/area51}
+```
+
+The url paths under `/area51` will all be protected. Other urls like the homepage will not be protected.
+
+## Cached htpasswd
+
+The htpasswd file is loaded into memory and cached. This means any changes you make to htpasswd, like adding users, will require a server restart. If you want to disable the cache, use `BASIC_AUTH_NO_CACHE=1`.
+
+## Generating htpasswd files
+
+The `htpasswd` tool can be used to create htpasswd files. It is installed as part of the apache webserver.  It's general form is:
+
+    htpasswd PASSWORDFILE USERNAME
+
+Example:
+
+    $ htpasswd htpasswd user
+    New password:
+    Re-type new password:
+    Adding password for user user
+    $
+
+There are also online htpasswd generators: [Htpasswd Generator](http://www.htaccesstools.com/htpasswd-generator/)
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem "basic-auth"
+
+And then execute:
+
+    bundle
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am "Add some feature"`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/basic-auth.gemspec

@@ -0,0 +1,31 @@
+lib = File.expand_path("lib", __dir__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require "basic_auth/version"
+
+Gem::Specification.new do |spec|
+  spec.name          = "basic-auth"
+  spec.version       = BasicAuth::VERSION
+  spec.authors       = ["Tung Nguyen"]
+  spec.email         = ["tongueroo@gmail.com"]
+
+  spec.summary       = "Basic Auth Rack Middleware that supports htpasswd files"
+  spec.homepage      = "https://github.com/tongueroo/basic-auth"
+  spec.license       = "MIT"
+
+
+  spec.metadata["homepage_uri"] = spec.homepage
+  # Specify which files should be added to the gem when it is released.
+  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+  spec.files         = Dir.chdir(File.expand_path('..', __FILE__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  end
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency "rack"
+
+  spec.add_development_dependency "bundler", "~> 2.0"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rspec", "~> 3.0"
+end

data/lib/basic-auth.rb

@@ -0,0 +1 @@
+require_relative "basic_auth"

data/lib/basic_auth.rb

@@ -0,0 +1,9 @@
+require "basic_auth/version"
+
+module BasicAuth
+  class Error < StandardError; end
+
+  autoload :Htpasswd, "basic_auth/htpasswd"
+  autoload :Matcher, "basic_auth/matcher"
+  autoload :Middleware, "basic_auth/middleware"
+end

data/lib/basic_auth/htpasswd.rb

@@ -0,0 +1,139 @@
+# Thanks: Based on https://github.com/h2o/h2o/blob/master/share/h2o/mruby/htpasswd.rb
+#
+# based on public-domain code by cho45
+#
+# Copyright (c) 2015 DeNA Co., Ltd., Kazuho Oku
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+# IN THE SOFTWARE.
+#
+require "digest"
+
+module BasicAuth
+  class Htpasswd
+
+    attr_accessor :path
+    attr_accessor :realm
+
+    def initialize(path, realm=nil)
+      @path = path
+      @realm = realm
+    end
+
+    def call(env)
+      if /\/\.ht/.match(env['PATH_INFO'])
+        return [ 404, { "Content-Type" => "text/plain" }, [ "not found" ] ]
+      end
+      auth = env['HTTP_AUTHORIZATION'] # Example: Basic dXNlcjpwYXNz
+      # dXNlcjpwYXNz is base64 encoded
+      if auth
+        method, cred = *auth.split(' ')
+        if method.casecmp("basic") == 0
+          user, pass = cred.unpack("m")[0].split(':', 2)
+          begin
+            if validate(user, pass)
+              return true
+            end
+          rescue => e
+            $stderr.puts "failed to validate password using file:#{@path}:#{e.message}"
+            return false
+          end
+        end
+      end
+      false
+    end
+
+    def validate(user, pass)
+      data.each do |line|
+        line_user, hash = line.chomp.split(':', 2)
+        if user == line_user && self.class.validate(pass, hash)
+          return true
+        end
+      end
+      return false
+    end
+
+    @@data = nil
+    def data
+      return @@data if @@data && !ENV['BASIC_AUTH_NO_CACHE']
+      @@data = File.readlines(@path)
+    end
+
+    def Htpasswd.crypt_md5(pass, salt)
+      ctx = Digest::MD5.new.update("#{pass}$apr1$#{salt}")
+      final = Digest::MD5.new.update("#{pass}#{salt}#{pass}").digest!.bytes
+
+      l = pass.length
+      while l > 0
+        ctx.update(final[0 .. (l > 16 ? 16 : l) - 1].pack("C*"))
+        l -= 16
+      end
+
+      l = pass.length
+      while l > 0
+        ctx.update(l % 2 != 0 ? "\0" : pass[0])
+        l >>= 1
+      end
+
+      final = ctx.digest!
+
+      1000.times do |i|
+        ctx = Digest::MD5.new
+        ctx.update(i % 2 != 0 ? pass : final)
+        ctx.update(salt) if i % 3 != 0
+        ctx.update(pass) if i % 7 != 0
+        ctx.update(i % 2 != 0 ? final : pass)
+        final = ctx.digest!
+      end
+
+      final = final.bytes
+      hash = ""
+      for a, b, c in [[0, 6, 12], [1, 7, 13], [2, 8, 14], [3, 9, 15], [4, 10, 5]]
+        hash << _to64(final[a] << 16 | final[b] << 8 | final[c], 4)
+      end
+      hash << _to64(final[11], 2)
+
+      "$apr1$#{salt}$#{hash}"
+    end
+
+    def Htpasswd._to64(v, n)
+      chars = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
+      output = ""
+      n.times do
+        output << chars[v & 0x3f]
+        v >>= 6
+      end
+      output
+    end
+
+    def Htpasswd.crypt_sha1(pass)
+      "{SHA}" + [Digest::SHA1.new.update(pass).digest!].pack("m").chomp
+    end
+
+    def Htpasswd.validate(pass, hash)
+      if /^\$apr1\$(.*)\$/.match(hash)
+        encoded = crypt_md5(pass, $1)
+      elsif /^{SHA}/.match(hash)
+        encoded = crypt_sha1(pass)
+      else
+        raise "crypt-style password hash is not supported"
+      end
+      return encoded == hash
+    end
+  end
+end

data/lib/basic_auth/matcher.rb

@@ -0,0 +1,16 @@
+module BasicAuth
+  class Matcher
+    def initialize(path, options={})
+      @path, @options = path, options
+      @protect = options[:protect]
+    end
+
+    def match?
+      return true unless @protect # defaults to protect all
+      # If user accidentally sets a string, change to a regexp
+      pattern = @protect.is_a?(String) ? Regexp.new(@protect) : @protect
+      matched = @path =~ pattern
+      !!matched
+    end
+  end
+end

data/lib/basic_auth/middleware.rb

@@ -0,0 +1,28 @@
+require "rack"
+
+module BasicAuth
+  class Middleware < Rack::Auth::Basic
+    # Override initialize to allow middleware options. IE:
+    #
+    #     use BasicAuth::Middleware, passwordfile: "htpasswd.txt"
+    #
+    def initialize(app, options={})
+      @app, @options = app, options
+      @passwordfile = options[:passwordfile] || "config/htpasswd"
+    end
+
+    def call(env)
+      path = Rack::Request.new(env).path
+      matcher = Matcher.new(path, @options)
+      return @app.call(env) unless matcher.match? # passthrough if route doesnt match
+
+      htpasswd = Htpasswd.new(@passwordfile)
+      authorized = htpasswd.call(env)
+      if authorized
+        @app.call(env)
+      else
+        unauthorized # from Rack::Auth::Basic
+      end
+    end
+  end
+end

data/lib/basic_auth/version.rb

@@ -0,0 +1,3 @@
+module BasicAuth
+  VERSION = "0.1.0"
+end

metadata

@@ -0,0 +1,114 @@
+--- !ruby/object:Gem::Specification
+name: basic-auth
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Tung Nguyen
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2020-01-16 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+description: 
+email:
+- tongueroo@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- Gemfile
+- Gemfile.lock
+- LICENSE.txt
+- README.md
+- Rakefile
+- basic-auth.gemspec
+- lib/basic-auth.rb
+- lib/basic_auth.rb
+- lib/basic_auth/htpasswd.rb
+- lib/basic_auth/matcher.rb
+- lib/basic_auth/middleware.rb
+- lib/basic_auth/version.rb
+homepage: https://github.com/tongueroo/basic-auth
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/tongueroo/basic-auth
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.1.2
+signing_key: 
+specification_version: 4
+summary: Basic Auth Rack Middleware that supports htpasswd files
+test_files: []