add support for some basic authentication methods

2026-04-18 16:26:38 +00:00 · 2026-01-29 16:34:52 +00:00
parent 0d480071b6
commit e95cfa1a00
12 changed files with 867 additions and 449 deletions
--- a/proxy/internal/auth/password.go
+++ b/proxy/internal/auth/password.go
@@ -0,0 +1,62 @@
+package auth
+
+import (
+	"net/http"
+
+	"github.com/netbirdio/netbird/shared/management/proto"
+)
+
+const (
+	passwordUserId = "password-user"
+	passwordFormId = "password"
+)
+
+type Password struct {
+	id, accountId string
+	client        authenticator
+}
+
+func NewPassword(client authenticator, id, accountId string) Password {
+	return Password{
+		id:        id,
+		accountId: accountId,
+		client:    client,
+	}
+}
+
+func (Password) Type() Method {
+	return MethodPassword
+}
+
+// Authenticate attempts to authenticate the request using a form
+// value passed in the request.
+// If authentication fails, the required HTTP form ID is returned
+// so that it can be injected into a request from the UI so that
+// authentication may be successful.
+func (p Password) Authenticate(r *http.Request) (string, bool, any) {
+	password := r.FormValue(passwordFormId)
+
+	res, err := p.client.Authenticate(r.Context(), &proto.AuthenticateRequest{
+		Id:        p.id,
+		AccountId: p.accountId,
+		Request: &proto.AuthenticateRequest_Password{
+			Password: &proto.PasswordRequest{
+				Password: password,
+			},
+		},
+	})
+	if err != nil {
+		// TODO: log error here
+		return "", false, passwordFormId
+	}
+
+	if res.GetSuccess() {
+		return passwordUserId, true, nil
+	}
+
+	return "", false, passwordFormId
+}
+
+func (p Password) Middleware(next http.Handler) http.Handler {
+	return next
+}