Basic authentication

Use basic authentication

You can use basic authentication with -b to secure the web server. The format is -b user:password, where user can be empty like -b :password.

$ goshs -b secret-user:secret-password
WARNING[2024-07-04 18:01:46] You are using basic auth without SSL. Your credentials will be transferred in cleartext. Consider using -s, too. 
INFO   [2024-07-04 18:01:46] Using basic auth with user 'secret-user' and password 'secret-password' 
INFO   [2024-07-04 18:01:46] Download embedded file at: /example.txt?embedded 
INFO   [2024-07-04 18:01:46] Serving on interface lo bound to 127.0.0.1:8000 
INFO   [2024-07-04 18:01:46] Serving on interface eth0 bound to 10.137.0.27:8000 
INFO   [2024-07-04 18:01:46] Serving HTTP from /home/user                 

Connection without authentication:

$ curl -skIL 127.0.0.1:8000/
HTTP/1.1 401 Unauthorized
Content-Type: text/plain; charset=utf-8
Www-Authenticate: Basic realm="Restricted"
X-Content-Type-Options: nosniff
Date: Thu, 04 Jul 2024 14:01:17 GMT
Content-Length: 15

Connection with authentication:

$ curl -skIL --user "secret-user:secret-password" 127.0.0.1:8000/
HTTP/1.1 200 OK
Content-Type: application/json
Www-Authenticate: Basic realm="Restricted"
Date: Thu, 04 Jul 2024 14:01:08 GMT
Info

It is recommended to generate and use a hashed password using goshs -H to generate the hash and running goshs -b 'test:$2a$14$zQCKs8RTPVQEBKKvzDgrAur9DJ4MZ0hLYNjPymg3.RB8T8C/xIqpG' to start goshs with basic auth. Make sure to enclose the argument in single quotes to prevent the command breaking because of the $ signs in the password hash.