Rename auth header to Linx-Api-Key and remove
b64encoding requirement for uploading with keys
parent
6987edc0d8
commit
68653372ff
20
auth.go
20
auth.go
@ -6,13 +6,11 @@ import (
|
||||
"log"
|
||||
"net/http"
|
||||
"os"
|
||||
"strings"
|
||||
|
||||
"golang.org/x/crypto/scrypt"
|
||||
)
|
||||
|
||||
const (
|
||||
authPrefix = "Linx "
|
||||
scryptSalt = "linx-server"
|
||||
scryptN = 16384
|
||||
scryptr = 8
|
||||
@ -54,8 +52,8 @@ func readAuthKeys(authFile string) []string {
|
||||
return authKeys
|
||||
}
|
||||
|
||||
func checkAuth(authKeys []string, decodedAuth []byte) (result bool, err error) {
|
||||
checkKey, err := scrypt.Key([]byte(decodedAuth), []byte(scryptSalt), scryptN, scryptr, scryptp, scryptKeyLen)
|
||||
func checkAuth(authKeys []string, key string) (result bool, err error) {
|
||||
checkKey, err := scrypt.Key([]byte(key), []byte(scryptSalt), scryptN, scryptr, scryptp, scryptKeyLen)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
@ -79,19 +77,9 @@ func (a auth) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||||
return
|
||||
}
|
||||
|
||||
authHeader := r.Header.Get("Authorization")
|
||||
if !strings.HasPrefix(authHeader, authPrefix) {
|
||||
a.failureHandler.ServeHTTP(w, r)
|
||||
return
|
||||
}
|
||||
key := r.Header.Get("Linx-Api-Key")
|
||||
|
||||
decodedAuth, err := base64.StdEncoding.DecodeString(authHeader[len(authPrefix):])
|
||||
if err != nil {
|
||||
a.failureHandler.ServeHTTP(w, r)
|
||||
return
|
||||
}
|
||||
|
||||
result, err := checkAuth(a.authKeys, decodedAuth)
|
||||
result, err := checkAuth(a.authKeys, key)
|
||||
if err != nil || !result {
|
||||
a.failureHandler.ServeHTTP(w, r)
|
||||
return
|
||||
|
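Review bot: In the `ServeHTTP` hunk, a request with no `Linx-Api-Key` header now reaches `checkAuth` with an empty string, so it costs a full scrypt derivation (`scryptN = 16384`) before it is rejected. The removed `strings.HasPrefix` check used to turn such requests away before any key derivation. A cheap guard ahead of the call restores that: `if key == "" { a.failureHandler.ServeHTTP(w, r); return }`. The comparison inside `checkAuth` is outside the visible hunks; if it compares the derived key with `==`, `subtle.ConstantTimeCompare` would be the safer choice. `ServeHTTP` begins and ends outside the hunk.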
@ -10,15 +10,15 @@ func TestCheckAuth(t *testing.T) {
|
||||
"vFpNprT9wbHgwAubpvRxYCCpA2FQMAK6hFqPvAGrdZo=",
|
||||
}
|
||||
|
||||
if r, err := checkAuth(authKeys, []byte("")); err != nil && r {
|
||||
if r, err := checkAuth(authKeys, ""); err != nil && r {
|
||||
t.Fatal("Authorization passed for empty key")
|
||||
}
|
||||
|
||||
if r, err := checkAuth(authKeys, []byte("thisisnotvalid")); err != nil && r {
|
||||
if r, err := checkAuth(authKeys, "thisisnotvalid"); err != nil && r {
|
||||
t.Fatal("Authorization passed for invalid key")
|
||||
}
|
||||
|
||||
if r, err := checkAuth(authKeys, []byte("haPVipRnGJ0QovA9nyqK")); err != nil && !r {
|
||||
if r, err := checkAuth(authKeys, "haPVipRnGJ0QovA9nyqK"); err != nil && !r {
|
||||
t.Fatal("Authorization failed for valid key")
|
||||
}
|
||||
}
|
||||
|
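Review bot: The three assertions in `TestCheckAuth` join the error and the result with `&&`, so they can only fail when `checkAuth` returns a non-nil error. A `checkAuth` that returned `true, nil` for an empty or invalid key would still pass. The rejection cases should read `if r, err := checkAuth(authKeys, ""); err != nil || r {` (likewise for `"thisisnotvalid"`), and the acceptance case should use `err != nil || !r`. The commit changes only the argument type on these lines, so the condition is carried over from the old code. The start of `TestCheckAuth` is outside the hunk.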
@ -139,6 +139,7 @@ func setup() *web.Mux {
|
||||
mux.Post("/upload/", uploadPostHandler)
|
||||
mux.Put("/upload", uploadPutHandler)
|
||||
mux.Put("/upload/:name", uploadPutHandler)
|
||||
|
||||
mux.Delete("/:name", deleteHandler)
|
||||
|
||||
mux.Get("/static/*", staticHandler)
|
||||
|
@ -139,9 +139,10 @@ func uploadPutHandler(c web.C, w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
func uploadRemote(c web.C, w http.ResponseWriter, r *http.Request) {
|
||||
if Config.remoteAuthFile != "" {
|
||||
result, err := checkAuth(remoteAuthKeys, []byte(r.FormValue("key")))
|
||||
result, err := checkAuth(remoteAuthKeys, r.FormValue("key"))
|
||||
if err != nil || !result {
|
||||
unauthorizedHandler(c, w, r)
|
||||
return
|
||||
}
|
||||
} else {
|
||||
// strict referrer checking is mandatory without remote auth keys
|
||||
|
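Review bot: `uploadRemote` still takes the key from `r.FormValue("key")`, which also reads the URL query string, so a key sent that way can end up in access and proxy logs. The commit moves the other auth path to the `Linx-Api-Key` header, so the two paths are now inconsistent. Consider reading the header first and falling back to the form value: `key := r.Header.Get("Linx-Api-Key")`, then `if key == "" { key = r.FormValue("key") }`. An empty key also goes through a full scrypt derivation in `checkAuth`, so rejecting it before the call would be cheaper. `uploadRemote` continues past the end of the hunk.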