preparing for the Iris control panel -- stay tuned when you hear my new project name 'cornea'

Former-commit-id: 8c0ada865ee17801efe90b197bf49bdbd55f636b

middleware/basicauth/basicauth.go

@@ -26,7 +26,11 @@ type (
 		// these are filled from the config.Users map at the startup
 		auth             encodedUsers
 		realmHeaderValue string
-		expireEnabled    bool // if the config.Expires is a valid date, default disabled
+
+		// The below can be removed but they are here because on the future we may add dynamic options for those two fields,
+		// it is a bit faster to check the b.$bool as well.
+		expireEnabled     bool // if the config.Expires is a valid date, default is disabled.
+		askHandlerEnabled bool // if the config.OnAsk is not nil, defaults to false.
 	}
 )
 
@@ -43,6 +47,7 @@ func New(c Config) context.Handler {
 	}
 	config.Users = c.Users
 	config.Expires = c.Expires
+	config.OnAsk = c.OnAsk
 
 	b := &basicAuthMiddleware{config: config}
 	b.init()
@@ -72,9 +77,8 @@ func (b *basicAuthMiddleware) init() {
 	// set the auth realm header's value
 	b.realmHeaderValue = "Basic realm=" + strconv.Quote(b.config.Realm)
 
-	if b.config.Expires > 0 {
-		b.expireEnabled = true
-	}
+	b.expireEnabled = b.config.Expires > 0
+	b.askHandlerEnabled = b.config.OnAsk != nil
 }
 
 func (b *basicAuthMiddleware) findAuth(headerValue string) (auth *encodedUser, found bool) {
@@ -96,6 +100,9 @@ func (b *basicAuthMiddleware) findAuth(headerValue string) (auth *encodedUser, f
 func (b *basicAuthMiddleware) askForCredentials(ctx context.Context) {
 	ctx.Header("WWW-Authenticate", b.realmHeaderValue)
 	ctx.StatusCode(iris.StatusUnauthorized)
+	if b.askHandlerEnabled {
+		b.config.OnAsk(ctx)
+	}
 }
 
 // Serve the actual middleware

middleware/basicauth/config.go

@@ -22,11 +22,31 @@ type Config struct {
 	Realm string
 	// Expires expiration duration, default is 0 never expires
 	Expires time.Duration
+
+	// OnAsk fires each time the server asks to the client for credentials in order to gain access and continue to the next handler.
+	//
+	// You could also ignore this option and
+	// - just add a listener for unauthorized status codes with:
+	// `app.OnErrorCode(iris.StatusUnauthorized, unauthorizedWantsAccessHandler)`
+	// - or register a middleware which will force `ctx.Next/or direct call`
+	// the basicauth middleware and check its `ctx.GetStatusCode()`.
+	//
+	// However, this option is very useful when you want the framework to fire a handler
+	// ONLY when the Basic Authentication sends an `iris.StatusUnauthorized`,
+	// and free the error code listener to catch other types of unauthorized access, i.e Kerberos.
+	// Also with this one, not recommended at all but, you are able to "force-allow" other users by calling the `ctx.StatusCode` inside this handler;
+	// i.e when it is possible to create authorized users dynamically but
+	// if that is the case then you should go with something like sessions instead of basic authentication.
+	//
+	// Usage: basicauth.New(basicauth.Config{..., OnAsk: unauthorizedWantsAccessViaBasicAuthHandler})
+	//
+	// Defaults to nil.
+	OnAsk context.Handler
 }
 
 // DefaultConfig returns the default configs for the BasicAuth middleware
 func DefaultConfig() Config {
-	return Config{make(map[string]string), DefaultBasicAuthRealm, 0}
+	return Config{make(map[string]string), DefaultBasicAuthRealm, 0, nil}
 }
 
 // User returns the user from context key same as  ctx.Request().BasicAuth().