From 89801782fbf19ad81da368915a0332bf44e9b79d Mon Sep 17 00:00:00 2001
From: Bel LaPointe <153096461+breel-render@users.noreply.github.com>
Date: Mon, 23 Feb 2026 17:53:35 -0700
Subject: [PATCH] accept -u to set Basic Auth on forwarded req

---
 main.go      | 22 ++++++++++++++--------
 main_test.go |  2 +-
 2 files changed, 15 insertions(+), 9 deletions(-)

diff --git a/main.go b/main.go
index e8e6fc9..a14be1a 100644
--- a/main.go
+++ b/main.go
@@ -4,6 +4,7 @@ import (
 	"bytes"
 	"context"
 	"database/sql"
+	"encoding/base64"
 	"encoding/json"
 	"flag"
 	"io"
@@ -27,9 +28,10 @@ var httpc = &http.Client{
 }
 
 type Handler struct {
-	tmpl        *template.Template
-	target      *url.URL
-	idempotency *sql.DB
+	tmpl            *template.Template
+	target          *url.URL
+	targetBasicAuth string
+	idempotency     *sql.DB
 }
 
 func (h Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
@@ -57,7 +59,7 @@ func (h Handler) serveHTTP(w http.ResponseWriter, r *http.Request) error {
 		log.Println("!", err)
 	}
 
-	resp, err := proxy(h.target, r, io.NopCloser(bytes.NewReader(b)))
+	resp, err := proxy(h.target, h.targetBasicAuth, r, io.NopCloser(bytes.NewReader(b)))
 	if err != nil {
 		return err
 	}
@@ -79,16 +81,17 @@ func main() {
 	p := fs.Int("p", 28080, "port")
 	t := fs.String("t", "{{ . }}", "template")
 	y := fs.String("y", "http://localhost:41912", "target")
+	targetBasicAuth := fs.String("u", "", "user:pass target-basic-auth")
 	db := fs.String("db", "/tmp/json-adapter.db", "sqlite db for idempotency")
 	if err := fs.Parse(os.Args[1:]); err != nil {
 		panic(err)
 	}
-	if err := run(*p, *t, *y, *db); err != nil {
+	if err := run(*p, *t, *y, *targetBasicAuth, *db); err != nil {
 		panic(err)
 	}
 }
 
-func run(p int, t string, y string, db string) error {
+func run(p int, t string, y string, targetBasicAuth string, db string) error {
 	idempotency, err := sql.Open("sqlite", db)
 	if err != nil {
 		return err
@@ -109,8 +112,8 @@ func run(p int, t string, y string, db string) error {
 	if err != nil {
 		return err
 	}
+	h := Handler{tmpl: tmpl, target: u, targetBasicAuth: targetBasicAuth, idempotency: idempotency}
 
-	h := Handler{tmpl: tmpl, target: u, idempotency: idempotency}
 	log.Println("listening on", p)
 	return http.ListenAndServe(":"+strconv.Itoa(p), h)
 }
@@ -130,11 +133,14 @@ func adapt(r io.Reader, tmpl *template.Template) ([]byte, error) {
 	return buff.Bytes(), nil
 }
 
-func proxy(u *url.URL, r *http.Request, rc io.ReadCloser) (*http.Response, error) {
+func proxy(u *url.URL, targetBasicAuth string, r *http.Request, rc io.ReadCloser) (*http.Response, error) {
 	req, err := http.NewRequest(r.Method, u.String(), rc)
 	if err != nil {
 		return nil, err
 	}
+	if targetBasicAuth != "" {
+		req.Header.Set("Authorization", "Basic "+base64.URLEncoding.EncodeToString([]byte(targetBasicAuth)))
+	}
 
 	req = req.WithContext(r.Context())
 	for k, v := range r.Header {
diff --git a/main_test.go b/main_test.go
index d0852af..2b95c47 100644
--- a/main_test.go
+++ b/main_test.go
@@ -45,7 +45,7 @@ func TestRun(t *testing.T) {
 	}
 
 	go func() {
-		if err := run(p, tmpl, y, db); err != nil {
+		if err := run(p, tmpl, y, "", db); err != nil {
 			t.Fatal(err)
 		}
 	}()