import { RoutingError } from "./error.ts";import { Sha1 } from "./vendor/https/deno.land/std/hash/sha1.ts";import { assert } from "./vendor/https/deno.land/std/testing/asserts.ts";import { ServeHandler } from "./server.ts";
export const contentTypeFilter = ( ...types: (string | RegExp)[]): ServeHandler => async (req) => { if (types.some((v) => req.headers.get("content-type")?.match(v))) { return; } throw new RoutingError(400); };
function timeSafeCompare(secret: string, other: string): boolean { const a = new Sha1(); const b = new Sha1(); a.update(secret); b.update(other); return a.toString() === b.toString();}
export interface BasicAuthOption { credentials: { username: string; password: string; }[]; message?: string;}
export function basicAuth( { credentials, message }: BasicAuthOption,): ServeHandler { const users = new Map<string, string>(); for (const { username, password } of credentials) { assert(username, "username must be defined and not be empty"); assert(password, "password must be defined and not be ampty"); users.set(username, password); } return async function basicAuth(req) { const authorization = req.headers.get("authorization"); if (!authorization) { return req.respond({ status: 401, headers: new Headers({ "www-authenticate": 'Basic realm="RECRET AREA"', }), body: message ?? "Authentication Required", }); } else { const unauthorized = () => req.respond({ status: 401, body: "Unauthorized" }); let m = authorization.match(/^Basic (.+?)$/); if (!m) { return unauthorized(); } const [u, p] = atob(m[1]).split(":"); if (u == null || p == null) { return unauthorized(); } const password = users.get(u); if (password == null) { return unauthorized(); } if (!timeSafeCompare(password, p)) { return unauthorized(); } } };}