feat: Adding cookie support for basic auth

ViBiOh · ViBiOh · commit c60b0a07596f · 2026-01-19T17:50:21.000+01:00
Signed-off-by: Vincent Boutour &lt;bob@vibioh.fr&gt;
diff --git a/pkg/fibr/fibr.go b/pkg/fibr/fibr.go
@@ -15,6 +15,8 @@ import (
 	"github.com/ViBiOh/httputils/v4/pkg/renderer"
 )
 
+const authCookieName = "_auth"
+
 type Service struct {
 	login    provider.Auth
 	crud     provider.Crud
@@ -35,7 +37,7 @@ func New(crud provider.Crud, renderer *renderer.Service, share provider.ShareMan
 	}
 }
 
-func (s Service) parseRequest(r *http.Request) (provider.Request, error) {
+func (s Service) parseRequest(w http.ResponseWriter, r *http.Request) (provider.Request, error) {
 	ctx := r.Context()
 
 	request := provider.Request{
@@ -54,7 +56,7 @@ func (s Service) parseRequest(r *http.Request) (provider.Request, error) {
 		request.Path = "/" + request.Path
 	}
 
-	login, password, basicOK := r.BasicAuth()
+	login, password, basicOK, shouldUpdateCookie := s.getCredentials(r)
 
 	if err := s.parseShare(ctx, &request, password); err != nil {
 		return request, model.WrapUnauthorized(err)
@@ -95,6 +97,10 @@ func (s Service) parseRequest(r *http.Request) (provider.Request, error) {
 		return request, convertAuthenticationError(err)
 	}
 
+	if shouldUpdateCookie {
+		s.cookie.Set(ctx, w, authCookieName, login, password)
+	}
+
 	if s.login.IsAuthorized(ctx, user, "admin") {
 		request.CanEdit = true
 		request.CanShare = true
@@ -114,6 +120,20 @@ func parsePreferences(r *http.Request) provider.Preferences {
 	return provider.ParsePreferences(cookieValue)
 }
 
+func (s Service) getCredentials(r *http.Request) (string, string, bool, bool) {
+	login, password, ok := r.BasicAuth()
+	if ok {
+		return login, password, ok, true
+	}
+
+	claim, err := s.cookie.Get(r, authCookieName)
+	if err != nil {
+		return login, password, ok, false
+	}
+
+	return claim.Login, claim.Password, true, false
+}
+
 func (s Service) parseShare(ctx context.Context, request *provider.Request, password string) error {
 	share := s.share.Get(request.Filepath())
 	if share.IsZero() {
diff --git a/pkg/fibr/fibr_test.go b/pkg/fibr/fibr_test.go
@@ -413,7 +413,7 @@ func TestParseRequest(t *testing.T) {
 				loginMock.EXPECT().IsAuthorized(gomock.Any(), gomock.Any(), gomock.Any()).Return(true)
 			}
 
-			got, gotErr := tc.instance.parseRequest(tc.args.r)
+			got, gotErr := tc.instance.parseRequest(httptest.NewRecorder(), tc.args.r)
 
 			failed := false
 
diff --git a/pkg/fibr/renderer.go b/pkg/fibr/renderer.go
@@ -79,7 +79,7 @@ func (s Service) TemplateFunc(w http.ResponseWriter, r *http.Request) (renderer.
 		return renderer.Page{}, nil
 	}
 
-	request, err := s.parseRequest(r)
+	request, err := s.parseRequest(w, r)
 	if err != nil {
 		if errors.Is(err, model.ErrUnauthorized) {
 			w.Header().Add("WWW-Authenticate", `Basic realm="fibr" charset="UTF-8"`)

Original file line number	Diff line number	Diff line change
`@@ -413,7 +413,7 @@ func TestParseRequest(t *testing.T) {`
`413`	`413`	`loginMock.EXPECT().IsAuthorized(gomock.Any(), gomock.Any(), gomock.Any()).Return(true)`
`414`	`414`	`}`
`415`	`415`
`416`		`- got, gotErr := tc.instance.parseRequest(tc.args.r)`
	`416`	`+ got, gotErr := tc.instance.parseRequest(httptest.NewRecorder(), tc.args.r)`
`417`	`417`
`418`	`418`	`failed := false`
`419`	`419`
Original file line number	Diff line number	Diff line change
`@@ -79,7 +79,7 @@ func (s Service) TemplateFunc(w http.ResponseWriter, r *http.Request) (renderer.`
`79`	`79`	`return renderer.Page{}, nil`
`80`	`80`	`}`
`81`	`81`
`82`		`- request, err := s.parseRequest(r)`
	`82`	`+ request, err := s.parseRequest(w, r)`
`83`	`83`	`if err != nil {`
`84`	`84`	`if errors.Is(err, model.ErrUnauthorized) {`
`85`	`85`	w.Header().Add("WWW-Authenticate", `Basic realm="fibr" charset="UTF-8"`)