feat(serverHandler): add force auth handler

Author: marjune163

doc/en-US/api.md

@@ -154,3 +154,9 @@ Example:
 ```sh
 curl -X POST -d 'name=dir1&name=dir2&name=dir3' 'http://localhost/tmp/?delete'
 ```
+
+# Login
+Perform a login authentication even not required by current path:
+```
+GET <path>?auth
+```

doc/zh-CN/api.md

@@ -151,3 +151,9 @@ name=<dir1>&name=<dir2>&...name=<dirN>
 ```sh
 curl -X POST -d 'name=dir1&name=dir2&name=dir3' 'http://localhost/tmp/?delete'
 ```
+
+# 登录
+发起登录认证，即使当前路径无需验证：
+```
+GET <path>?auth
+```

src/serverHandler/aliasHandler.go

@@ -110,13 +110,19 @@ func (h *aliasHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	}
 
 	if data.NeedAuth {
-		h.needAuth(w, r)
-	}
-	if !data.AuthSuccess {
-		if !h.postMiddleware(w, r, data, fsPath) {
-			h.authFailed(w, data.Status)
+		h.notifyAuth(w, r)
+
+		if !data.AuthSuccess {
+			if !h.postMiddleware(w, r, data, fsPath) {
+				h.authFailed(w, data.Status)
+			}
+			return
+		}
+
+		if data.forceAuth {
+			h.redirectWithoutForceAuth(w, r, data)
+			return
 		}
-		return
 	}
 
 	if !data.AllowAccess {

src/serverHandler/auth.go

@@ -3,9 +3,24 @@ package serverHandler
 import (
 	"errors"
 	"net/http"
+	"strings"
 )
 
-func (h *aliasHandler) needAuth(w http.ResponseWriter, r *http.Request) {
+const authQueryParam = "auth"
+
+func (h *aliasHandler) needAuth(rawQuery, rawReqPath, reqFsPath string) (need, force bool) {
+	if strings.HasPrefix(rawQuery, authQueryParam) {
+		return true, true
+	}
+
+	if h.globalAuth {
+		return true, false
+	}
+
+	return hasUrlOrDirPrefix(h.authUrls, rawReqPath, h.authDirs, reqFsPath), false
+}
+
+func (h *aliasHandler) notifyAuth(w http.ResponseWriter, r *http.Request) {
 	w.Header().Set("WWW-Authenticate", "Basic realm=\"files\"")
 }
 

src/serverHandler/perm.go

@@ -76,11 +76,3 @@ func (h *aliasHandler) getCanCors(rawReqPath, reqFsPath string) bool {
 
 	return hasUrlOrDirPrefix(h.corsUrls, rawReqPath, h.corsDirs, reqFsPath)
 }
-
-func (h *aliasHandler) getNeedAuth(rawReqPath, reqFsPath string) bool {
-	if h.globalAuth {
-		return true
-	}
-
-	return hasUrlOrDirPrefix(h.authUrls, rawReqPath, h.authDirs, reqFsPath)
-}

src/serverHandler/redirect.go

@@ -10,3 +10,12 @@ func (h *aliasHandler) redirectWithSlashSuffix(w http.ResponseWriter, r *http.Re
 
 	http.Redirect(w, r, target, h.forceDirSlash)
 }
+
+func (h *aliasHandler) redirectWithoutForceAuth(w http.ResponseWriter, r *http.Request, data *responseData) {
+	returnUrl := r.Header.Get("Referer")
+	if len(returnUrl) == 0 {
+		returnUrl = data.prefixReqPath + data.Context.QueryString()
+	}
+
+	http.Redirect(w, r, returnUrl, http.StatusFound)
+}

src/serverHandler/responseData.go

@@ -31,6 +31,7 @@ type responseData struct {
 	handlerReqPath string
 
 	NeedAuth     bool
+	forceAuth    bool
 	AuthUserName string
 	AuthSuccess  bool
 
@@ -305,9 +306,11 @@ func (h *aliasHandler) getResponseData(r *http.Request) (data *responseData, fsP
 	reqPath := util.CleanUrlPath(rawReqPath[len(h.aliasPrefix):])
 	reqFsPath := filepath.Clean(h.root + reqPath)
 
+	rawQuery := r.URL.RawQuery
+
 	status := http.StatusOK
 
-	needAuth := h.getNeedAuth(rawReqPath, reqFsPath)
+	needAuth, forceAuth := h.needAuth(rawQuery, rawReqPath, reqFsPath)
 	authUserName, authSuccess, _authErr := h.verifyAuth(r, needAuth)
 	if needAuth {
 		if _authErr != nil {
@@ -320,7 +323,6 @@ func (h *aliasHandler) getResponseData(r *http.Request) (data *responseData, fsP
 
 	headers := h.getHeaders(rawReqPath, reqFsPath, authSuccess)
 
-	rawQuery := r.URL.RawQuery
 	isDownload := false
 	isDownloadFile := false
 	isUpload := false
@@ -432,6 +434,7 @@ func (h *aliasHandler) getResponseData(r *http.Request) (data *responseData, fsP
 		handlerReqPath: reqPath,
 
 		NeedAuth:     needAuth,
+		forceAuth:    forceAuth,
 		AuthUserName: authUserName,
 		AuthSuccess:  authSuccess,
 

test/case/007.auth.bash

@@ -17,4 +17,10 @@ assert "$userhellostatus" '200'
 userhelloheadstatus=$(curl_head_status http://alice:AliceSecret@127.0.0.1:3003/hello/)
 assert "$userhelloheadstatus" '200'
 
+hellostatus=$(curl_get_status http://127.0.0.1:3003/yes/?auth)
+assert "$hellostatus" '401'
+
+hellostatus=$(curl_get_status http://alice:AliceSecret@127.0.0.1:3003/yes/?auth)
+assert "$hellostatus" '302'
+
 jobs -p | xargs kill &> /dev/null