First the setAuthHandler() function is set to the onNotFound implementation.
server.onNotFound([]() {
setAuthHandler();
});
void setAuthHandler() {
String authHeader = server.header("Authorization");
Serial.println("Server Auth header " + authHeader);
if (authHeader.equals("")) {
server.sendHeader("WWW-Authenticate", "Basic realm=\"Restricted Area\"");
server.send(401, "text/plain", "404: Unauthorized");
}
String base64FromHeader = authHeader.substring(authHeader.indexOf(' ') + 1);
if (strcmp(localBase64, base64FromHeader) == 0) {
if (!handleFileRead(server.uri())) {
server.send(404, "text/plain", "404: Not Found");
}
} else {
server.sendHeader("WWW-Authenticate", "Basic realm=\"Restricted Area\"");
server.send(401, "text/plain", "404: Unauthorized");
}
}
A Basic HTTP-Auth header is encoded in base64 and has the following syntax
Basic user:password
String base64FromHeader = authHeader.substring(authHeader.indexOf(' ') + 1);
if (strcmp(localBase64, base64FromHeader) == 0) {
....
server.sendHeader("WWW-Authenticate", "Basic realm=\"Restricted Area\"");
server.send(401, "text/plain", "404: Unauthorized");