GoAhead 登陆配置文件的坑

GoAhead提供了通过配置文件实现简单登陆以及权限控制功能，本来是一个极其简单的功能，但是却还是有两个坑：

1. 配置文件需要以空行结尾

   通过代码websLoad("auth.txt") 加载的配置文件，最后一行一定要是一个空行，不然就会有问题。

2. 密码的加密方式

   通过翻看代码：

PUBLIC bool websVerifyPasswordFromFile(Webs *wp)
{
    char    passbuf[ME_GOAHEAD_LIMIT_PASSWORD * 3 + 3];
    bool    success;

    assert(wp);
    if (!wp->user && (wp->user = websLookupUser(wp->username)) == 0) {
        trace(5, "verifyUser: Unknown user \"%s\"", wp->username);
        return 0;
    }
    /*
        Verify the password. If using Digest auth, we compare the digest of the password.
        Otherwise we encode the plain-text password and compare that
     */
    if (!wp->encoded) {
        fmt(passbuf, sizeof(passbuf), "%s:%s:%s", wp->username, ME_GOAHEAD_REALM, wp->password);
        wfree(wp->password);
        wp->password = websMD5(passbuf);
        wp->encoded = 1;
    }
    if (wp->digest) {
        success = smatch(wp->password, wp->digest);
    } else {
        success = smatch(wp->password, wp->user->password);
    }
    if (success) {
        trace(5, "User \"%s\" authenticated", wp->username);
    } else {
        trace(5, "Password for user \"%s\" failed to authenticate", wp->username);
    }
    return success;
}

可以看到，密码的加密方式为 username：ME_GOAHEAD_REALM:password 这个字符串的MD5码。其中 ME_GOAHEAD_REALM 的定义如下：

#ifndef ME_GOAHEAD_REALM
    #define ME_GOAHEAD_REALM "example.com"
#endif