Overview
The Basic Authentication middleware provides a robust and flexible way to secure your Iris web applications. It supports various user storage methods, including in-memory lists, files, and databases, and offers advanced features such as password encryption, custom error handling, and session expiration.
Installation
To use the basicauth middleware, you need to import it in your Iris application:
import "github.com/kataras/iris/v12/middleware/basicauth"
Features
Authentication Function
The core of the middleware is the Allow field, which is a function with the following signature:
func(ctx iris.Context, username, password string) (any, bool)
This function is responsible for validating the username and password. It returns a user object (or any other type) and a boolean indicating whether the authentication was successful.
User Structure (Helper)
While the middleware does not require a specific user structure, you can use a helper structure to manage user data more conveniently. Here is an example of a user structure:
type User struct {
Username string `json:"username"`
Password string `json:"password"`
Roles []string `json:"roles"`
}
In-Memory User Storage
You can store users in memory using a slice of user structures. This is useful for small applications or testing purposes.
var users = []User{
{"admin", "admin", []string{"admin"}},
{"kataras", "kataras_pass", []string{"manager", "author"}},
{"george", "george_pass", []string{"member"}},
{"john", "john_pass", []string{}},
}
Basic Setup
To set up the middleware, create an instance of basicauth.Options and pass it to basicauth.New.
opts := basicauth.Options{
Realm: basicauth.DefaultRealm,
MaxAge: 10 * time.Minute,
GC: basicauth.GC{
Every: 2 * time.Hour,
},
Allow: basicauth.AllowUsers(users),
}
auth := basicauth.New(opts)
Using a File for User Storage
You can load users from a file (JSON or YAML). This is useful for applications where user data changes frequently.
auth := basicauth.Load("users.yml")
BCRYPT Option
The BCRYPT option allows you to use bcrypt for password hashing. Bcrypt is a password hashing function designed to be computationally intensive to resist brute-force attacks. It is widely used for securely storing passwords.
auth := basicauth.Load("users.yml", basicauth.BCRYPT)
You can also use the BCRYPT option with other user fetching methods, such as in-memory or database storage.
Using a Database for User Storage
For more dynamic user management, you can validate users against a database. Here is an example of how to set up the middleware using a MySQL database:
package main
import (
"context"
"database/sql"
"fmt"
"os"
"github.com/kataras/iris/v12"
"github.com/kataras/iris/v12/middleware/basicauth"
_ "github.com/go-sql-driver/mysql"
)
type User struct {
ID int64 `db:"id" json:"id"`
Username string `db:"username" json:"username"`
Password string `db:"password" json:"password"`
Email string `db:"email" json:"email"`
}
func (u User) GetUsername() string {
return u.Username
}
func (u User) GetPassword() string {
return u.Password
}
func main() {
dsn := fmt.Sprintf("%s:%s@tcp(%s:3306)/%s?parseTime=true&charset=utf8mb4&collation=utf8mb4_unicode_ci",
getenv("MYSQL_USER", "user_myapp"),
getenv("MYSQL_PASSWORD", "dbpassword"),
get
env("MYSQL_HOST", "localhost"),
getenv("MYSQL_DATABASE", "myapp"),
)
db, err := connect(dsn)
if err != nil {
panic(err)
}
// Validate a user from database.
allowFunc := func(ctx iris.Context, username, password string) (any, bool) {
user, err := db.getUserByUsernameAndPassword(context.Background(), username, password)
return user, err == nil
}
opts := basicauth.Options{
Realm: basicauth.DefaultRealm,
ErrorHandler: basicauth.DefaultErrorHandler,
Allow: allowFunc,
}
auth := basicauth.New(opts)
app := iris.New()
app.Use(auth)
app.Get("/", index)
app.Listen(":8080")
}
func index(ctx iris.Context) {
user, _ := ctx.User().GetRaw()
// user is a type of main.User
ctx.JSON(user)
}
Custom Error Handling
You can customize the error handling behavior by setting the ErrorHandler field in the basicauth.Options.
opts := basicauth.Options{
ErrorHandler: func(ctx iris.Context, err error) {
ctx.StatusCode(iris.StatusUnauthorized)
ctx.JSON(iris.Map{"error": "Unauthorized"})
},
}
Session Expiration
The middleware supports session expiration. You can set the MaxAge field to specify the duration after which the user must re-authenticate.
opts := basicauth.Options{
MaxAge: 10 * time.Minute,
}
Garbage Collection
To clear expired users from memory, you can set the GC field.
import "github.com/kataras/iris/v12/middleware/basicauth"
Testing Handlers with BasicAuth Middleware
To test handlers that use the BasicAuth middleware, you can use the
httptest
package provided by Iris. Here is an example of how to test a handler:
func(ctx iris.Context, username, password string) (any, bool)
Example
Here is a complete example that demonstrates how to set up the middleware with in-memory user storage:
type User struct {
Username string `json:"username"`
Password string `json:"password"`
Roles []string `json:"roles"`
}
Conclusion
The Basic Authentication middleware provides a comprehensive solution for securing your Iris web applications. With support for various user storage methods, advanced features like password encryption and custom error handling, and easy integration, it is a powerful tool for developers.
The above is the detailed content of Basic Authentication Middleware for Iris. For more information, please follow other related articles on the PHP Chinese website!
Learn Go String Manipulation: Working with the 'strings' PackageMay 09, 2025 am 12:07 AMGo's "strings" package provides rich features to make string operation efficient and simple. 1) Use strings.Contains() to check substrings. 2) strings.Split() can be used to parse data, but it should be used with caution to avoid performance problems. 3) strings.Join() is suitable for formatting strings, but for small datasets, looping = is more efficient. 4) For large strings, it is more efficient to build strings using strings.Builder.
Go: String Manipulation with the Standard 'strings' PackageMay 09, 2025 am 12:07 AMGo uses the "strings" package for string operations. 1) Use strings.Join function to splice strings. 2) Use the strings.Contains function to find substrings. 3) Use the strings.Replace function to replace strings. These functions are efficient and easy to use and are suitable for various string processing tasks.
Mastering Byte Slice Manipulation with Go's 'bytes' Package: A Practical GuideMay 09, 2025 am 12:02 AMThebytespackageinGoisessentialforefficientbyteslicemanipulation,offeringfunctionslikeContains,Index,andReplaceforsearchingandmodifyingbinarydata.Itenhancesperformanceandcodereadability,makingitavitaltoolforhandlingbinarydata,networkprotocols,andfileI
Learn Go Binary Encoding/Decoding: Working with the 'encoding/binary' PackageMay 08, 2025 am 12:13 AMGo uses the "encoding/binary" package for binary encoding and decoding. 1) This package provides binary.Write and binary.Read functions for writing and reading data. 2) Pay attention to choosing the correct endian (such as BigEndian or LittleEndian). 3) Data alignment and error handling are also key to ensure the correctness and performance of the data.
Go: Byte Slice Manipulation with the Standard 'bytes' PackageMay 08, 2025 am 12:09 AMThe"bytes"packageinGooffersefficientfunctionsformanipulatingbyteslices.1)Usebytes.Joinforconcatenatingslices,2)bytes.Bufferforincrementalwriting,3)bytes.Indexorbytes.IndexByteforsearching,4)bytes.Readerforreadinginchunks,and5)bytes.SplitNor
Go encoding/binary package: Optimizing performance for binary operationsMay 08, 2025 am 12:06 AMTheencoding/binarypackageinGoiseffectiveforoptimizingbinaryoperationsduetoitssupportforendiannessandefficientdatahandling.Toenhanceperformance:1)Usebinary.NativeEndianfornativeendiannesstoavoidbyteswapping.2)BatchReadandWriteoperationstoreduceI/Oover
Go bytes package: short reference and tipsMay 08, 2025 am 12:05 AMGo's bytes package is mainly used to efficiently process byte slices. 1) Using bytes.Buffer can efficiently perform string splicing to avoid unnecessary memory allocation. 2) The bytes.Equal function is used to quickly compare byte slices. 3) The bytes.Index, bytes.Split and bytes.ReplaceAll functions can be used to search and manipulate byte slices, but performance issues need to be paid attention to.
Go bytes package: practical examples for byte slice manipulationMay 08, 2025 am 12:01 AMThe byte package provides a variety of functions to efficiently process byte slices. 1) Use bytes.Contains to check the byte sequence. 2) Use bytes.Split to split byte slices. 3) Replace the byte sequence bytes.Replace. 4) Use bytes.Join to connect multiple byte slices. 5) Use bytes.Buffer to build data. 6) Combined bytes.Map for error processing and data verification.
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
EditPlus Chinese cracked version
Small size, syntax highlighting, does not support code prompt function
SublimeText3 Linux new version
SublimeText3 Linux latest version
mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),
Safe Exam Browser
Safe Exam Browser is a secure browser environment for taking online exams securely. This software turns any computer into a secure workstation. It controls access to any utility and prevents students from using unauthorized resources.
Dreamweaver Mac version
Visual web development tools
