read authfile once only
Read the authfile upon initial server start and store the auth keys in the auth struct, rather than reading the file for each page load.
parent
3c9e260926
commit
cc4e2ca0d9
37
auth.go
37
auth.go
@ -3,6 +3,7 @@ package main
|
|||||||
import (
|
import (
|
||||||
"bufio"
|
"bufio"
|
||||||
"encoding/base64"
|
"encoding/base64"
|
||||||
|
"log"
|
||||||
"net/http"
|
"net/http"
|
||||||
"os"
|
"os"
|
||||||
"strings"
|
"strings"
|
||||||
@ -27,32 +28,25 @@ type AuthOptions struct {
|
|||||||
type auth struct {
|
type auth struct {
|
||||||
successHandler http.Handler
|
successHandler http.Handler
|
||||||
failureHandler http.Handler
|
failureHandler http.Handler
|
||||||
|
authKeys []string
|
||||||
o AuthOptions
|
o AuthOptions
|
||||||
}
|
}
|
||||||
|
|
||||||
func checkAuth(authFile string, decodedAuth []byte) (result bool, err error) {
|
func checkAuth(authKeys []string, decodedAuth []byte) (result bool, err error) {
|
||||||
f, err := os.Open(authFile)
|
|
||||||
if err != nil {
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
checkKey, err := scrypt.Key([]byte(decodedAuth), []byte(scryptSalt), scryptN, scryptr, scryptp, scryptKeyLen)
|
checkKey, err := scrypt.Key([]byte(decodedAuth), []byte(scryptSalt), scryptN, scryptr, scryptp, scryptKeyLen)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
encodedKey := base64.StdEncoding.EncodeToString(checkKey)
|
encodedKey := base64.StdEncoding.EncodeToString(checkKey)
|
||||||
|
for _, v := range authKeys {
|
||||||
scanner := bufio.NewScanner(bufio.NewReader(f))
|
if encodedKey == v {
|
||||||
for scanner.Scan() {
|
|
||||||
if encodedKey == scanner.Text() {
|
|
||||||
result = true
|
result = true
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
result = false
|
result = false
|
||||||
err = scanner.Err()
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -75,7 +69,7 @@ func (a auth) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
result, err := checkAuth(a.o.AuthFile, decodedAuth)
|
result, err := checkAuth(a.authKeys, decodedAuth)
|
||||||
if err != nil || !result {
|
if err != nil || !result {
|
||||||
a.failureHandler.ServeHTTP(w, r)
|
a.failureHandler.ServeHTTP(w, r)
|
||||||
return
|
return
|
||||||
@ -85,10 +79,29 @@ func (a auth) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func UploadAuth(o AuthOptions) func(http.Handler) http.Handler {
|
func UploadAuth(o AuthOptions) func(http.Handler) http.Handler {
|
||||||
|
var authKeys []string
|
||||||
|
|
||||||
|
f, err := os.Open(o.AuthFile)
|
||||||
|
if err != nil {
|
||||||
|
log.Fatal("Failed to open authfile: ", err)
|
||||||
|
}
|
||||||
|
defer f.Close()
|
||||||
|
|
||||||
|
scanner := bufio.NewScanner(f)
|
||||||
|
for scanner.Scan() {
|
||||||
|
authKeys = append(authKeys, scanner.Text())
|
||||||
|
}
|
||||||
|
|
||||||
|
err = scanner.Err()
|
||||||
|
if err != nil {
|
||||||
|
log.Fatal("Scanner error while reading authfile: ", err)
|
||||||
|
}
|
||||||
|
|
||||||
fn := func(h http.Handler) http.Handler {
|
fn := func(h http.Handler) http.Handler {
|
||||||
return auth{
|
return auth{
|
||||||
successHandler: h,
|
successHandler: h,
|
||||||
failureHandler: http.HandlerFunc(badAuthorizationHandler),
|
failureHandler: http.HandlerFunc(badAuthorizationHandler),
|
||||||
|
authKeys: authKeys,
|
||||||
o: o,
|
o: o,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
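Review bot: Loading the keys once in UploadAuth means a key deleted from the authfile keeps authenticating until the process is restarted, whereas the old checkAuth re-read the file on every request and so revoked immediately; nothing in the new code states that change. I would document it on UploadAuth, e.g. `// UploadAuth reads o.AuthFile once at startup; adding or revoking a key requires a restart.`, or add a reload path if live revocation matters to operators. Separately, the carried-over `if encodedKey == v {` in checkAuth is not a constant-time comparison; `if subtle.ConstantTimeCompare([]byte(encodedKey), []byte(v)) == 1 {` (with `crypto/subtle` imported) is the usual form for secret-derived values. UploadAuth and ServeHTTP both continue outside the visible hunks.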