CloudAI/gat1400Exchange.git

New file
			@@ -0,0 +1,151 @@
			package auth

			import (
			"encoding/csv"
			"os"
			"sync"
			)

			// SecretProvider is used by authenticators. Takes user name and realm
			// as an argument, returns secret required for authentication (HA1 for
			// digest authentication, properly encrypted password for basic).
			//
			// Returning an empty string means failing the authentication.
			type SecretProvider func(user, realm string) string

			// File handles automatic file reloading on changes.
			type File struct {
			Path string
			Info os.FileInfo
			/* must be set in inherited types during initialization */
			Reload func()
			mu sync.Mutex
			}

			// ReloadIfNeeded checks file Stat and calls Reload() if any changes
			// were detected. File mutex is Locked for the duration of Reload()
			// call.
			//
			// This function will panic() if Stat fails.
			func (f *File) ReloadIfNeeded() {
			info, err := os.Stat(f.Path)
			if err != nil {
			panic(err)
			}
			f.mu.Lock()
			defer f.mu.Unlock()
			if f.Info == nil \|\| f.Info.ModTime() != info.ModTime() {
			f.Info = info
			f.Reload()
			}
			}

			// HtdigestFile is a File holding htdigest authentication data.
			type HtdigestFile struct {
			// File is used for automatic reloading of the authentication data.
			File
			// Users is a map of realms to users to HA1 digests.
			Users map[string]map[string]string
			mu sync.RWMutex
			}

			func reloadHTDigest(hf *HtdigestFile) {
			r, err := os.Open(hf.Path)
			if err != nil {
			panic(err)
			}
			reader := csv.NewReader(r)
			reader.Comma = ':'
			reader.Comment = '#'
			reader.TrimLeadingSpace = true

			records, err := reader.ReadAll()
			if err != nil {
			panic(err)
			}

			hf.mu.Lock()
			defer hf.mu.Unlock()
			hf.Users = make(map[string]map[string]string)
			for _, record := range records {
			_, exists := hf.Users[record[1]]
			if !exists {
			hf.Users[record[1]] = make(map[string]string)
			}
			hf.Users[record[1]][record[0]] = record[2]
			}
			}

			// HtdigestFileProvider is a SecretProvider implementation based on
			// htdigest-formated files. It will automatically reload htdigest file
			// on changes. It panics on syntax errors in htdigest files.
			func HtdigestFileProvider(filename string) SecretProvider {
			hf := &HtdigestFile{File: File{Path: filename}}
			hf.Reload = func() { reloadHTDigest(hf) }
			return func(user, realm string) string {
			hf.ReloadIfNeeded()
			hf.mu.RLock()
			defer hf.mu.RUnlock()
			_, exists := hf.Users[realm]
			if !exists {
			return ""
			}
			digest, exists := hf.Users[realm][user]
			if !exists {
			return ""
			}
			return digest
			}
			}

			// HtpasswdFile is a File holding basic authentication data.
			type HtpasswdFile struct {
			// File is used for automatic reloading of the authentication data.
			File
			// Users is a map of users to their secrets (salted encrypted
			// passwords).
			Users map[string]string
			mu sync.RWMutex
			}

			func reloadHTPasswd(h *HtpasswdFile) {
			r, err := os.Open(h.Path)
			if err != nil {
			panic(err)
			}
			reader := csv.NewReader(r)
			reader.Comma = ':'
			reader.Comment = '#'
			reader.TrimLeadingSpace = true

			records, err := reader.ReadAll()
			if err != nil {
			panic(err)
			}

			h.mu.Lock()
			defer h.mu.Unlock()
			h.Users = make(map[string]string)
			for _, record := range records {
			h.Users[record[0]] = record[1]
			}
			}

			// HtpasswdFileProvider is a SecretProvider implementation based on
			// htpasswd-formated files. It will automatically reload htpasswd file
			// on changes. It panics on syntax errors in htpasswd files. Realm
			// argument of the SecretProvider is ignored.
			func HtpasswdFileProvider(filename string) SecretProvider {
			h := &HtpasswdFile{File: File{Path: filename}}
			h.Reload = func() { reloadHTPasswd(h) }
			return func(user, realm string) string {
			h.ReloadIfNeeded()
			h.mu.RLock()
			password, exists := h.Users[user]
			h.mu.RUnlock()
			if !exists {
			return ""
			}
			return password
			}
			}