author | Julien Dessaux | 2024-11-14 01:34:29 +0100 |
---|---|---|
committer | Julien Dessaux | 2024-11-14 01:34:29 +0100 |
commit | 3d8812fbd0091d2ef636949628c52bf9f48617a6 (patch) | |
tree | 00755c8903497ad7abaaffffbbaa4a37fdf41a03 /pkg/basic_auth | |
parent | chore(tfstated): rename state "name" to "path" for consistency (diff) | |
feat(tfstated): implement HTTP basic auth
Diffstat (limited to 'pkg/basic_auth')
-rw-r--r-- | pkg/basic_auth/middleware.go | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/pkg/basic_auth/middleware.go b/pkg/basic_auth/middleware.go
new file mode 100644
index 0000000..108124f
--- /dev/null
+++ b/pkg/basic_auth/middleware.go
@@ -0,0 +1,39 @@
+package basic_auth
+
+import (
+ "context"
+ "net/http"
+ "time"
+
+ "git.adyxax.org/adyxax/tfstated/pkg/database"
+)
+
+func Middleware(db *database.DB) func(http.Handler) http.Handler {
+ return func(next http.Handler) http.Handler {
+ return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ username, password, ok := r.BasicAuth()
+ if !ok {
+ w.Header().Set("WWW-Authenticate", `Basic realm="tfstated", charset="UTF-8"`)
+ http.Error(w, "Unauthorized", http.StatusUnauthorized)
+ return
+ }
+ account, err := db.LoadAccountByUsername(username)
+ if err != nil {
+ http.Error(w, "Internal Server Error", http.StatusInternalServerError)
+ return
+ }
+ if password != account.Password {
+ http.Error(w, "Forbidden", http.StatusForbidden)
+ return
+ }
+ now := time.Now().UTC()
+ _, err = db.Exec(`UPDATE accounts SET last_login = ? WHERE id = ?`, now.Unix(), account.Id)
+ if err != nil {
+ http.Error(w, "Internal Server Error", http.StatusInternalServerError)
+ return
+ }
+ ctx := context.WithValue(r.Context(), "account", account)
+ next.ServeHTTP(w, r.WithContext(ctx))
+ })
+ }
+} |
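Review bot: The credential check `password != account.Password` compares the submitted password directly with the stored value, which can only succeed if the `accounts` table holds cleartext passwords (the schema and `LoadAccountByUsername` are outside this diff, so confirm), and `!=` on strings is not a constant-time comparison. Store a salted, slow password hash and verify the submitted password against it; as a minimum for the comparison itself, use `subtle.ConstantTimeCompare([]byte(password), []byte(account.Password)) != 1` from `crypto/subtle`. The failure paths also differ by cause: a `LoadAccountByUsername` error returns 500 while a wrong password returns 403, so if an unknown username surfaces as an error the status code discloses which usernames exist, and if it instead returns a nil account the `account.Password` access would panic; answering both cases with the same 401 plus the `WWW-Authenticate` header avoids this and lets clients retry. Finally, `context.WithValue(r.Context(), "account", account)` uses a bare string key that any other package can collide with or overwrite; an unexported key type such as `type contextKey struct{}` is the usual form.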