mirror of https://github.com/grafana/grafana.git
20 lines
678 B
Go
20 lines
678 B
Go
package api
|
|
|
|
import (
|
|
"crypto/subtle"
|
|
"net/http"
|
|
)
|
|
|
|
// BasicAuthenticatedRequest parses the provided HTTP request for basic authentication credentials
|
|
// and returns true if the provided credentials match the expected username and password.
|
|
// Returns false if the request is unauthenticated.
|
|
// Uses constant-time comparison in order to mitigate timing attacks.
|
|
func BasicAuthenticatedRequest(req *http.Request, expectedUser, expectedPass string) bool {
|
|
user, pass, ok := req.BasicAuth()
|
|
if !ok || subtle.ConstantTimeCompare([]byte(user), []byte(expectedUser)) != 1 || subtle.ConstantTimeCompare([]byte(pass), []byte(expectedPass)) != 1 {
|
|
return false
|
|
}
|
|
|
|
return true
|
|
}
|