Squashed commit of the following:

commit 97ddb08
Author: ajmandourah <[email protected]>
Date:   Wed Oct 16 17:12:19 2024 +0300

    update readme

commit 36ff87e
Author: ajmandourah <[email protected]>
Date:   Wed Oct 16 17:07:40 2024 +0300

    update readme

commit 96548d9
Author: ajmandourah <[email protected]>
Date:   Wed Oct 16 15:35:05 2024 +0300

    refactoring and cleanups

commit e43f60f
Author: ajmandourah <[email protected]>
Date:   Wed Oct 16 15:08:17 2024 +0300

    fix content wont download

commit 48fc286
Author: ajmandourah <[email protected]>
Date:   Wed Oct 16 14:38:35 2024 +0300

    fix content wont download

commit e9f2fb3
Author: ajmandourah <[email protected]>
Date:   Wed Oct 16 12:55:33 2024 +0300

    Implemented httpAuth inside of tinshop-ng

README.md

@@ -4,6 +4,32 @@ Your own personal shop right into tinfoil!<br><br>
 
 </div>
 
+- [Why A Next Generation](#why-a-next-generation)
+- [What is New Here?](#what-is-new-here-)
+- [⚠️ Disclaimer](#---disclaimer)
+- [🎮 Use](#---use)
+- [🎉 Features](#---features)
+  * [🏳️ Filtering](#----filtering)
+- [Configuration](#configuration)
+- [🐋 Docker](#---docker)
+  * [Using HAUTH for your site](#using-hauth-for-your-site)
+  * [Some notes about basic auth](#some-notes-about-basic-auth)
+  * [🥍 Want to do cross-build generation?](#---want-to-do-cross-build-generation-)
+  * [Tips for faster processing especially when using cloud shares ie Rclone](#tips-for-faster-processing-especially-when-using-cloud-shares-ie-rclone)
+- [👂🏻 Q & A](#-----q---a)
+  * [Why use this instead of `X` (NUT or others software)?](#why-use-this-instead-of--x---nut-or-others-software--)
+  * [Where do I put my games?](#where-do-i-put-my-games-)
+  * [Can I set up a `https` endpoint?](#can-i-set-up-a--https--endpoint-)
+    + [Example for caddy](#example-for-caddy)
+    + [Example for traefik](#example-for-traefik)
+  * [How can I add a `basic auth` to protect my shop?](#how-can-i-add-a--basic-auth--to-protect-my-shop-)
+  * [I have tons of missing title displayed in `tinfoil`, what should I do?](#i-have-tons-of-missing-title-displayed-in--tinfoil---what-should-i-do-)
+  * [Why I still get `NCA signature verification failed` error in `tinfoil` and nothing in `tinshop`?](#why-i-still-get--nca-signature-verification-failed--error-in--tinfoil--and-nothing-in--tinshop--)
+  * [`tinfoil` does not display the name of the game but the file name, what should I do?](#-tinfoil--does-not-display-the-name-of-the-game-but-the-file-name--what-should-i-do-)
+- [🙏 Credits](#---credits)
+- [Todo](#todo)
+
+
 # Why A Next Generation
 
 This is a take on the original Tinshop repo originally by [DblK](https://github.com/DblK/tinshop). 
@@ -173,6 +199,11 @@ security:
   forwardAuth: https://auth.tinshop.com/switch
   # Hauth code you obtain from tinfoil. This is unique to your domain and help protect against forged requests
   hauth: XXXXXXXXXXXXX
+  # HttpAuth. basic http authentication. This is a username:password list. password is hashed using bcrypt. 
+  httpauth:
+    - admin:$2a$12$kWcAoawo7z7A1X3DaL4thOBWmbSpjgNULfndNOXflyctGw/BO0yrG # admin:admin
+    - test:$2a$12$lpZ8JX1a34opuMbKmr96POm8hckLh8MTRZ2ZECkiIviNM4V07N.42  # test:test
+
 
 # This section describe all custom title db to show up properly in tinfoil
 customTitledb:
@@ -236,7 +267,7 @@ All of the settings in the `config.yaml` file are valid Environment Variables. T
 | TINSHOP_SECURITY_BLACKLIST   | sources.blacklist   | `null`                         | `NSWID4 NSWID5 NSWID6`            |
 | TINSHOP_SECURITY_FORWARDAUTH | sources.forwardAuth | `null`                         | `https://auth.tinshop.com/switch` |
 
-## Using HAUTH for your site
+# Using HAUTH for your site
 
 Hauth is signature of the request Url scheme and hostname is sent via "HAUTH: XXXXXXXXXXXXXX" header. This value is unique to your domain, and helps prevent forged requests.
 To use it with Tinshop-ng do the following:
@@ -248,16 +279,44 @@ To use it with Tinshop-ng do the following:
 - All done. any requests from any client other than tinfoil will need to have this secret code inside otherwise it won't accept connections. you can test it out by inputting a false code.
 - To cancel hauth verification comment its part in the config.yaml file.
 
-## Some notes about basic auth
+# Basic Http Auth
 
-Basic auth is umm 'basic' and it has its limitation. some characthers like @ and $ cannot be used as it will mess up the url. stick to alphanumerical long passwords for the time being. 
+Basic Http authentication is supported by one of 2 ways. If you are using one please disable the other one :
+- ForwardAuth, where you delegate the authentication to another path/subdomain. You need to know what you are doing.
+- The implemented Http auth method.
+
+## ForwardAuth
+
+This is an example that you can follow in caddy. Other reverse proxy services may differ but the concept is the same 
+```
+ tinshop-ng.example.com {
+
+         reverse_proxy tinshop-ng:3000 {
+         }
+         handle /auth* {
+                basic_auth {
+                      test $2a$12$lpZ8JX1a34opuMbKmr96POm8hckLh8MTRZ2ZECkiIviNM4V07N.42
+                         }
+
+                 respond 200
+         }
+ }
+```
+You should issue a 200 response as tinfoil won't accept otherwise.
+Lastly you should enable the `forwardAuth` option in the config file.
+
+## Implemented Http Auth
 
-## 🥍 Want to do cross-build generation?
+This is by far easier than forwardAuth. you just need to uncomment the option in your config file
+Notice that the entries under `httpauth` are preceeded by `-` indicating its a list, that means you can add multiple users to your interface.
 
-Wanting to generate all possible os binaries (macOS, linux, windows) with all architectures (arm, amd64)?  
-Here is the command `goreleaser release --snapshot --skip-publish --rm-dist`.
+Password should be hashed with `bcrypt`. Please don't put passwords in cleartext as they won't work . Use any bcrypt generator to generat the hash from your password. 
+
+# Some notes about basic auth
+
+Basic auth is umm 'basic' and it has its limitation. some characthers like @ and $ cannot be used as it will mess up the url. stick to alphanumerical long passwords for the time being. 
 
-## Tips for faster processing especially when using cloud shares ie Rclone
+# Tips for faster processing especially when using cloud shares ie Rclone
 
 If you are going to use rclone or similar cloud storage solutions as your source of content here are some tips:
 - make sure all your contents are in one folder without them being in subfolders. As for every subfolder rclone will need to fetch a list of every file in it. this can take long time especially with large number of folders.

config.example.yaml

@@ -1,5 +1,5 @@
 # Name of the host [optional]
-host: tinshop.example.com
+host: tinshop-ng.example.com
 
 # Protocol (Can be http or https) [optional]
 # If you use "https" then you should set up a reverse-proxy in front to handle tls
@@ -9,7 +9,7 @@ protocol: https
 # keys [optional]
 # This is a fallback in case parsing failed due to bad rename pattern. slower than parsing but more accurate in captureing content information.
 # a full path to the key should be provided. [use /data as the path if you are using docker]
-#keys: prod.keys
+keys: prod.keys
 
 # renameFiles [optional] [keys must be present if true otherwise will do nothing]
 # this will rename files that is misrenamed somehow by appending the title id and version to the end of the file. this may result in duplicate ids in the file name
@@ -23,15 +23,15 @@ renameFiles: false
 
 # Shop name [optional]
 # This is used as title when trying to visit the shop with a non switch device
-name: TinShop
+name: TinShop-ng
 
-# Tells if we are using a reverse proxy if front of tinshop [optional]
+# Tells if we are using a reverse proxy if front of tinshop-ng [optional]
 # This is used to rewrite correct url to download games when reverse proxy used
 reverseProxy: false
 
 # Welcome message on Switch [optional]
-# The default message will be "Welcome to your own TinShop!"
-welcomeMessage: "Welcome to your own TinShop!"
+# The default message will be "Welcome to your own TinShop-ng!"
+welcomeMessage: "Welcome to your own TinShop-ng!"
 # If you want to disable the welcome message, set it to true [optional]
 noWelcomeMessage: false
 
@@ -47,7 +47,7 @@ debug:
 
 # All actions related to NSP file will be stored here
 nsp:
-  # Tells if tinshop should verify the ticket inside NSP to ensure no issue with install
+  # Tells if tinshop-ng should verify the ticket inside NSP to ensure no issue with install
   # This will make processing really slow as every file will be opened for verification 
   checkVerified: false
 
@@ -70,27 +70,36 @@ security:
   # You can find the theme of a switch in the log upon access
   bannedTheme:
     - "0000000000000000000000000000000000000000000000000000000000000000"
+
   # List of switch uid to whitelist
   # If enabled then only switch in this area will be listed
   # You can find the uid of a switch in the log upon access
   whitelist:
     - TESTTESTTESTTESTTESTTESTTESTTESTTESTTESTTESTTESTTESTTESTTESTTEST
+
   # List of switch uid to blacklist
   # Block access to all switch present in this list
   # You can find the uid of a switch in the log upon access
   blacklist:
     - NOACCESSNOACCESSNOACCESSNOACCESSNOACCESSNOACCESSNOACCESSNOACCESS
+
   # Endpoint to which a query will be sent to verify user/password/uid to
   # Headers sent :
   # - Authorization: same as sent by switch
   # - Device-Id: Switch fingerprint
   # Response with status code other than 200 will be treated as failure
-  forwardAuth: https://auth.tinshop.com/switch
+  forwardAuth: https://auth.tinshop-ng.com/switch
+
+
+  # Basic Http Authentication. This is an indented list of username:password . password shoud be encrypted in bcrypt before adding . please don't use cleartext passwords
+  httpauth: 
+    - admin:$2a$12$kWcAoawo7z7A1X3DaL4thOBWmbSpjgNULfndNOXflyctGw/BO0yrG # admin:admin
+    - test:$2a$12$lpZ8JX1a34opuMbKmr96POm8hckLh8MTRZ2ZECkiIviNM4V07N.42  # test:test
 
   #Hauth verification:
   #This value is unique to your domain, and helps prevent forged requests.
   #fill this value with the value got from tinfoil. read the wiki for more information.
-  # hauth: XXXXXXXXXXXXXX 
+  hauth: XXXXXXXXXXXXXX 
 
 # This section describe all custom title db to show up properly in tinfoil
 customTitledb:

config/config.go

@@ -30,6 +30,8 @@ type security struct {
 	BannedTheme []string `mapstructure:"bannedTheme"`
 	ForwardAuth string   `mapstructure:"forwardAuth"`
 	Hauth       string   `mapstructure:"hauth"`
+	Httpauth    []string `mapstructure:"httpauth"`
+
 }
 
 type nsp struct {
@@ -366,6 +368,11 @@ func (cfg *Configuration) Get_Hauth() string {
 	return cfg.Security.Hauth
 }
 
+// get Httpauth list
+func (cfg *Configuration) Get_Httpauth() []string {
+	return cfg.Security.Httpauth
+}
+
 // IsBlacklisted tells if the uid is blacklisted or not
 func (cfg *Configuration) IsBlacklisted(uid string) bool {
 	if len(cfg.Security.Whitelist) != 0 {

go.mod

@@ -22,7 +22,8 @@ require (
 require (
 	github.com/go-logr/logr v1.2.4 // indirect
 	github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
-	github.com/google/go-cmp v0.5.9 // indirect
+	github.com/goji/httpauth v0.0.0-20160601135302-2da839ab0f4d // indirect
+	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
@@ -35,10 +36,11 @@ require (
 	github.com/subosito/gotenv v1.4.2 // indirect
 	go.uber.org/atomic v1.9.0 // indirect
 	go.uber.org/multierr v1.8.0 // indirect
-	golang.org/x/net v0.23.0 // indirect
-	golang.org/x/sys v0.18.0 // indirect
-	golang.org/x/text v0.14.0 // indirect
-	golang.org/x/tools v0.9.3 // indirect
+	golang.org/x/crypto v0.28.0 // indirect
+	golang.org/x/net v0.25.0 // indirect
+	golang.org/x/sys v0.26.0 // indirect
+	golang.org/x/text v0.19.0 // indirect
+	golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
 	gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect

go.sum

@@ -73,6 +73,8 @@ github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ=
 github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
 github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls=
+github.com/goji/httpauth v0.0.0-20160601135302-2da839ab0f4d h1:lBXNCxVENCipq4D1Is42JVOP4eQjlB8TQ6H69Yx5J9Q=
+github.com/goji/httpauth v0.0.0-20160601135302-2da839ab0f4d/go.mod h1:nnjvkQ9ptGaCkuDUx6wNykzzlUixGxvkme+H/lnzb+A=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
@@ -114,6 +116,7 @@ github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
 github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
 github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
@@ -229,6 +232,8 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.28.0 h1:GBDwsMXVQi34v5CCYUm2jkJvu4cbtru2U4TN2PSyQnw=
+golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -299,6 +304,8 @@ golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96b
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs=
 golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
+golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac=
+golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -359,6 +366,8 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
 golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo=
+golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -370,6 +379,8 @@ golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM=
+golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -424,6 +435,8 @@ golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.9.3 h1:Gn1I8+64MsuTb/HpH+LmQtNas23LhUVr3rYZ0eKuaMM=
 golang.org/x/tools v0.9.3/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc=
+golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg=
+golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=

main.go

@@ -20,6 +20,7 @@ import (
 	"github.com/ajmandourah/tinshop-ng/sources"
 	"github.com/ajmandourah/tinshop-ng/stats"
 	"github.com/ajmandourah/tinshop-ng/utils"
+	"github.com/goji/httpauth"
 	"github.com/gorilla/mux"
 )
 
@@ -31,6 +32,7 @@ type TinShop struct {
 	Server *http.Server
 }
 
+var creds []string
 func main() {
 
 	// this is dirty. will leave it for now untill implemented correctly as there are some conflicts around the shop init
@@ -83,15 +85,30 @@ func createShop() TinShop {
 	var shop = &TinShop{}
 
 	shop.Shop = initShop()
+	creds = shop.Shop.Config.Get_Httpauth()
+
+	authOpts := httpauth.AuthOptions{
+		Realm: "Tinfoil",
+		AuthFunc: HttpAuthCheck,
+	}
 
 	r := mux.NewRouter()
-	r.HandleFunc("/", shop.HomeHandler)
+
+	authRoute := r.Methods(http.MethodGet).Subrouter()
+	authRoute.HandleFunc("/", shop.HomeHandler)
+	authRoute.HandleFunc("/{filter}", shop.FilteringHandler)
+	authRoute.HandleFunc("/{filter}/", shop.FilteringHandler)
+	authRoute.HandleFunc("/api/{endpoint}", shop.APIHandler)
+
 	r.HandleFunc("/games/{game}", shop.GamesHandler)
-	r.HandleFunc("/{filter}", shop.FilteringHandler)
-	r.HandleFunc("/{filter}/", shop.FilteringHandler)
-	r.HandleFunc("/api/{endpoint}", shop.APIHandler)
 	r.NotFoundHandler = http.HandlerFunc(notFound)
 	r.MethodNotAllowedHandler = http.HandlerFunc(notAllowed)
+
+
+	if len(shop.Shop.Config.Get_Httpauth()) != 0 {
+		authRoute.Use(httpauth.BasicAuth(authOpts))
+	}
+
 	// r.Use(shop.StatsMiddleware)
 	r.Use(shop.TinfoilMiddleware)
 	r.Use(shop.CORSMiddleware)
@@ -249,3 +266,4 @@ func (s *TinShop) StatsMiddleware(next http.Handler) http.Handler {
 		next.ServeHTTP(w, r)
 	})
 }
+

repository/interfaces.go

@@ -51,6 +51,7 @@ type Config interface {
 
 	ForwardAuthURL() string
 	Get_Hauth() string
+	Get_Httpauth() []string
 	IsBlacklisted(string) bool
 	IsWhitelisted(string) bool
 	IsBannedTheme(string) bool