GOMODULES/fiber
1
0
Fork 0
mirror of https://github.com/gofiber/fiber.git synced 2025-07-10 12:38:14 +00:00
Code Issues Packages Projects Releases Wiki Activity
fiber/docs/middleware/basicauth.md
Juan Calderon-Perez 6d16bf5605
🧹chore: Improve BasicAuth middleware default security (#3522) 
* Refine BasicAuth middleware

* Fix lint issues

* Update basicauth.md
2025-06-20 08:47:35 +02:00

4.1 KiB
Raw Permalink Blame History

id
id
basicauth

BasicAuth

Basic Authentication middleware for Fiber that provides an HTTP basic authentication. It calls the next handler for valid credentials and 401 Unauthorized or a custom response for missing or invalid credentials.

The default unauthorized response includes the header WWW-Authenticate: Basic realm="Restricted", charset="UTF-8" and sets Cache-Control: no-store.

Signatures

func New(config Config) fiber.Handler
func UsernameFromContext(c fiber.Ctx) string
func PasswordFromContext(c fiber.Ctx) string

Examples

Import the middleware package that is part of the Fiber web framework

import (
    "github.com/gofiber/fiber/v3"
    "github.com/gofiber/fiber/v3/middleware/basicauth"
)

After you initiate your Fiber app, you can use the following possibilities:

// Provide a minimal config
app.Use(basicauth.New(basicauth.Config{
    Users: map[string]string{
        "john":  "doe",
        "admin": "123456",
    },
}))

// Or extend your config for customization
app.Use(basicauth.New(basicauth.Config{
    Users: map[string]string{
        "john":  "doe",
        "admin": "123456",
    },
    Realm: "Forbidden",
    Authorizer: func(user, pass string) bool {
        if user == "john" && pass == "doe" {
            return true
        }
        if user == "admin" && pass == "123456" {
            return true
        }
        return false
    },
    Unauthorized: func(c fiber.Ctx) error {
        return c.SendFile("./unauthorized.html")
    },
}))

Getting the username and password

func handler(c fiber.Ctx) error {
    username := basicauth.UsernameFromContext(c)
    password := basicauth.PasswordFromContext(c)
    log.Printf("Username: %s Password: %s", username, password)
    return c.SendString("Hello, " + username)
}

Config

Property Type Description Default
Next func(fiber.Ctx) bool Next defines a function to skip this middleware when returned true. nil
Users map[string]string Users defines the allowed credentials. map[string]string{}
Realm string Realm is a string to define the realm attribute of BasicAuth. The realm identifies the system to authenticate against and can be used by clients to save credentials. "Restricted"
Charset string Charset sent in the WWW-Authenticate header, so clients know how credentials are encoded. "UTF-8"
StorePassword bool Store the plaintext password in the context and retrieve it via PasswordFromContext. false
Authorizer func(string, string) bool Authorizer defines a function to check the credentials. It will be called with a username and password and is expected to return true or false to indicate approval. nil
Unauthorized fiber.Handler Unauthorized defines the response body for unauthorized responses. nil

Default Config

var ConfigDefault = Config{
    Next:            nil,
    Users:           map[string]string{},
    Realm:           "Restricted",
    Charset:         "UTF-8",
    StorePassword:   false,
    Authorizer:      nil,
    Unauthorized:    nil,
}