I was able to solve this problem, using db as global variable. However, would be better if I could pass it to my callback (that today, accepts just two params - user and password). Could you support a variable number of params, where I could for example pass the db handle? I stumbled many times in this question and either I found a "use another middlewear" or "set your db variable global"..

Hey there I tried to use this middleware with go 1.1.1 but it is not working.

The Error: undefined sha256.Sum256 (line 10 and 11 in util.go)

So I updated my go to version 1.2.1

Now everything works fine.

As stated in the main readme of martini "go 1.1 and greater is required". So I was confused why it was not working 1.1.1

Based on the readme, I should be able to do something like:

m := martini.Classic()
m.Use(auth.Basic("username", "secretpassword"))
m.Run()

However, when serving static files via "./public" under Classic mode, none of the static files are authenticated, unless their content does not exist (all content that exists is not subject to basic auth).

You can verify the tests by modifying them like this:

diff --git a/basic_test.go b/basic_test.go
index b4f057b..616d756 100644
--- a/basic_test.go
+++ b/basic_test.go
@@ -13,11 +13,14 @@ func Test_BasicAuth(t *testing.T) {

        auth := "Basic " + base64.StdEncoding.EncodeToString([]byte("foo:bar"))

-       m := martini.New()
+       m := martini.Classic()
        m.Use(Basic("foo", "bar"))
        m.Use(func(res http.ResponseWriter, req *http.Request, u User) {
                res.Write([]byte("hello " + u))
        })
+       m.Get("/foo", func() string {
+               return "bar"
+       })

        r, _ := http.NewRequest("GET", "foo", nil)

If the "public/foo" file exists, tests fail with this:

$ go test
[martini] Started GET foo for
[martini] [Static] Serving foo
[martini] Completed 200 OK in 5.934997ms
[martini] Started GET foo for
[martini] [Static] Serving foo
[martini] Completed 200 OK in 43.234µs
--- FAIL: Test_BasicAuth (0.01s)
    basic_test.go:30: Response not 401
    basic_test.go:46: Auth failed, got:
FAIL
exit status 1
FAIL    github.com/martini-contrib/auth 0.013s

If "public/foo" does not exist, tests pass:

$ go test
[martini] Started GET foo for
[martini] Completed 401 Unauthorized in 92.823µs
[martini] Started GET foo for
[martini] Completed 200 OK in 15.74µs
PASS
ok      github.com/martini-contrib/auth 0.007s

go get github.com/martini-contrib/auth

github.com/martini-contrib/auth

src/github.com/martini-contrib/auth/util.go:10: undefined: sha256.Sum256
src/github.com/martini-contrib/auth/util.go:11: undefined: sha256.Sum256

Ubuntu 13.10 64Bits
Golang 1.2

more conversation here:

https://github.com/codegangsta/martini-contrib/issues/85

We could either do this with an additional argument (which I would not be easily backwards-compatible), or with a global var Realm, and let users set auth.Realm = "My Website". The latter does smell bad but it would not break any existing code.

Thoughts?

from @nimajalali

I'm finalizing a HMAC based auth handler. Using Amazon S3 signed and authorized model, more info here.

I use it for server to server communication where a pre shared secret is possible. The handler adds to the S3 model by enabling the use of a nonce.

Should this be under the auth package, possibly auth.HMAC? If so how should I go about adding info to the auth README?

Also, any thoughts on how to incorporate multiple auth handlers? For instance I have API endpoints that are accessed from servers as well as clients. I use this HMAC auth handler to handle server to server auth and another handler for session based auth. Today I have to create two separate endpoints to enable auth from either handler.