From a103f6976744e507b958689512175bda1983ae83 Mon Sep 17 00:00:00 2001 From: pascal Date: Tue, 27 Jan 2026 17:53:59 +0100 Subject: [PATCH] remove basic auth scheme --- proxy/internal/auth/basicauth.go | 42 -------------------------------- proxy/server.go | 9 ++----- 2 files changed, 2 insertions(+), 49 deletions(-) delete mode 100644 proxy/internal/auth/basicauth.go diff --git a/proxy/internal/auth/basicauth.go b/proxy/internal/auth/basicauth.go deleted file mode 100644 index 38b86394a..000000000 --- a/proxy/internal/auth/basicauth.go +++ /dev/null @@ -1,42 +0,0 @@ -package auth - -import ( - "crypto/subtle" - "net/http" -) - -type BasicAuth struct { - username, password string -} - -func NewBasicAuth(username string, password string) BasicAuth { - return BasicAuth{ - username: username, - password: password, - } -} - -func (BasicAuth) Type() Method { - return MethodBasicAuth -} - -func (b BasicAuth) Authenticate(r *http.Request) (string, bool, any) { - username, password, ok := r.BasicAuth() - if !ok { - return "", false, nil - } - - usernameMatch := subtle.ConstantTimeCompare([]byte(username), []byte(b.username)) == 1 - passwordMatch := subtle.ConstantTimeCompare([]byte(password), []byte(b.password)) == 1 - - // If authenticated, then return the username. - if usernameMatch && passwordMatch { - return username, false, nil - } - - return "", false, nil -} - -func (b BasicAuth) Middleware(next http.Handler) http.Handler { - return next -} diff --git a/proxy/server.go b/proxy/server.go index 1b9a56fca..36807bae6 100644 --- a/proxy/server.go +++ b/proxy/server.go @@ -20,13 +20,14 @@ import ( "time" "github.com/cloudflare/backoff" + "google.golang.org/grpc" + "github.com/netbirdio/netbird/proxy/internal/accesslog" "github.com/netbirdio/netbird/proxy/internal/acme" "github.com/netbirdio/netbird/proxy/internal/auth" "github.com/netbirdio/netbird/proxy/internal/proxy" "github.com/netbirdio/netbird/proxy/internal/roundtrip" "github.com/netbirdio/netbird/shared/management/proto" - "google.golang.org/grpc" ) type errorLog interface { @@ -215,12 +216,6 @@ func (s *Server) updateMapping(ctx context.Context, mapping *proto.ProxyMapping) // Note: this does require the management server to always send a // full mapping rather than deltas during a modification. var schemes []auth.Scheme - if mapping.GetAuth().GetBasic().GetEnabled() { - schemes = append(schemes, auth.NewBasicAuth( - mapping.GetAuth().GetBasic().GetUsername(), - mapping.GetAuth().GetBasic().GetPassword(), - )) - } if mapping.GetAuth().GetPin().GetEnabled() { schemes = append(schemes, auth.NewPin( mapping.GetAuth().GetPin().GetPin(),