basicauth: htpasswd path now relative to site root

config/setup/basicauth.go

@@ -9,6 +9,8 @@ import (
 
 // BasicAuth configures a new BasicAuth middleware instance.
 func BasicAuth(c *Controller) (middleware.Middleware, error) {
+	root := c.Root
+
 	rules, err := basicAuthParse(c)
 	if err != nil {
 		return nil, err
@@ -18,6 +20,7 @@ func BasicAuth(c *Controller) (middleware.Middleware, error) {
 
 	return func(next middleware.Handler) middleware.Handler {
 		basic.Next = next
+		basic.SiteRoot = root
 		return basic
 	}, nil
 }
@@ -34,7 +37,7 @@ func basicAuthParse(c *Controller) ([]basicauth.Rule, error) {
 		switch len(args) {
 		case 2:
 			rule.Username = args[0]
-			if rule.Password, err = passwordMatcher(rule.Username, args[1]); err != nil {
+			if rule.Password, err = passwordMatcher(rule.Username, args[1], c.Root); err != nil {
 				return rules, c.Errf("Get password matcher from %s: %v", c.Val(), err)
 			}
 
@@ -47,7 +50,7 @@ func basicAuthParse(c *Controller) ([]basicauth.Rule, error) {
 		case 3:
 			rule.Resources = append(rule.Resources, args[0])
 			rule.Username = args[1]
-			if rule.Password, err = passwordMatcher(rule.Username, args[2]); err != nil {
+			if rule.Password, err = passwordMatcher(rule.Username, args[2], c.Root); err != nil {
 				return rules, c.Errf("Get password matcher from %s: %v", c.Val(), err)
 			}
 		default:
@@ -60,10 +63,10 @@ func basicAuthParse(c *Controller) ([]basicauth.Rule, error) {
 	return rules, nil
 }
 
-func passwordMatcher(username, passw string) (basicauth.PasswordMatcher, error) {
+func passwordMatcher(username, passw, siteRoot string) (basicauth.PasswordMatcher, error) {
 	if !strings.HasPrefix(passw, "htpasswd=") {
 		return basicauth.PlainMatcher(passw), nil
 	}
 
-	return basicauth.GetHtpasswdMatcher(passw[9:], username)
+	return basicauth.GetHtpasswdMatcher(passw[9:], username, siteRoot)
 }

dist/CHANGES.txt

@@ -1,5 +1,10 @@
 CHANGES
 
+<master>
+- basicauth: Support for legacy htpasswd files
+- browse: JSON response with file listing given Accept header
+
+
 0.7.5 (August 5, 2015)
 - core: All listeners bind to 0.0.0.0 unless 'bind' directive is used
 - fastcgi: Set HTTPS env variable if connection is secure

middleware/basicauth/basicauth.go

@@ -22,8 +22,9 @@ import (
 // security of HTTP Basic Auth is disputed. Use discretion when deciding
 // what to protect with BasicAuth.
 type BasicAuth struct {
-	Next  middleware.Handler
-	Rules []Rule
+	Next     middleware.Handler
+	SiteRoot string
+	Rules    []Rule
 }
 
 // ServeHTTP implements the middleware.Handler interface.
@@ -84,11 +85,8 @@ var (
 	htpasswordsMu sync.Mutex
 )
 
-func GetHtpasswdMatcher(filename, username string) (PasswordMatcher, error) {
-	filename, err := filepath.Abs(filename)
-	if err != nil {
-		return nil, err
-	}
+func GetHtpasswdMatcher(filename, username, siteRoot string) (PasswordMatcher, error) {
+	filename = filepath.Join(siteRoot, filename)
 	htpasswordsMu.Lock()
 	if htpasswords == nil {
 		htpasswords = make(map[string]map[string]PasswordMatcher)

middleware/basicauth/basicauth_test.go

@@ -132,7 +132,7 @@ md5:$apr1$l42y8rex$pOA2VJ0x/0TwaFeAF9nX61`
 
 	for i, username := range []string{"sha1", "md5"} {
 		rule := Rule{Username: username, Resources: []string{"/testing"}}
-		if rule.Password, err = GetHtpasswdMatcher(htfh.Name(), rule.Username); err != nil {
+		if rule.Password, err = GetHtpasswdMatcher(htfh.Name(), rule.Username, "/"); err != nil {
 			t.Fatalf("GetHtpasswdMatcher(%q, %q): %v", htfh.Name(), rule.Username, err)
 		}
 		t.Logf("%d. username=%q password=%v", i, rule.Username, rule.Password)