Basic authentication
Use basic authentication
You can use basic authentication with -b to secure the web server. The format is -b user:password, where user can be empty like -b :password.
$ goshs -b secret-user:secret-password
WARNING[2024-07-04 18:01:46] You are using basic auth without SSL. Your credentials will be transferred in cleartext. Consider using -s, too.
INFO [2024-07-04 18:01:46] Using basic auth with user 'secret-user' and password 'secret-password'
INFO [2024-07-04 18:01:46] Download embedded file at: /example.txt?embedded
INFO [2024-07-04 18:01:46] Serving on interface lo bound to 127.0.0.1:8000
INFO [2024-07-04 18:01:46] Serving on interface eth0 bound to 10.137.0.27:8000
INFO [2024-07-04 18:01:46] Serving HTTP from /home/user Connection without authentication:
$ curl -skIL 127.0.0.1:8000/
HTTP/1.1 401 Unauthorized
Content-Type: text/plain; charset=utf-8
Www-Authenticate: Basic realm="Restricted"
X-Content-Type-Options: nosniff
Date: Thu, 04 Jul 2024 14:01:17 GMT
Content-Length: 15Connection with authentication:
$ curl -skIL --user "secret-user:secret-password" 127.0.0.1:8000/
HTTP/1.1 200 OK
Content-Type: application/json
Www-Authenticate: Basic realm="Restricted"
Date: Thu, 04 Jul 2024 14:01:08 GMT Info
It is recommended to generate and use a hashed password using goshs -H to generate the hash and running goshs -b 'test:$2a$14$zQCKs8RTPVQEBKKvzDgrAur9DJ4MZ0hLYNjPymg3.RB8T8C/xIqpG' to start goshs with basic auth. Make sure to enclose the argument in single quotes to prevent the command breaking because of the $ signs in the password hash.