Handle authorization header better
parent
2d5e1d3797
commit
19250296c6
@ -54,6 +54,10 @@ const (
|
||||
timeFormat = "20060102T150405Z"
|
||||
)
|
||||
|
||||
const (
|
||||
authHeaderPrefix = "AWS4-HMAC-SHA256"
|
||||
)
|
||||
|
||||
// strip auth from authorization header
|
||||
func stripAuth(r *http.Request) (*auth, error) {
|
||||
authHeader := r.Header.Get("Authorization")
|
||||
@ -61,23 +65,32 @@ func stripAuth(r *http.Request) (*auth, error) {
|
||||
return nil, errors.New("Missing auth header")
|
||||
}
|
||||
a := new(auth)
|
||||
authFields := strings.Fields(authHeader)
|
||||
if len(authFields) < 4 {
|
||||
authFields := strings.Split(authHeader, ",")
|
||||
if len(authFields) != 3 {
|
||||
return nil, errors.New("Missing fields in Auth header")
|
||||
}
|
||||
a.prefix = authFields[0]
|
||||
credentials := strings.Split(authFields[1], ",")[0]
|
||||
if len(credentials) < 2 {
|
||||
authPrefixFields := strings.Fields(authFields[0])
|
||||
if len(authPrefixFields) != 2 {
|
||||
return nil, errors.New("Missing fields in Auth header")
|
||||
}
|
||||
signedheaders := strings.Split(authFields[2], ",")[0]
|
||||
if len(signedheaders) < 2 {
|
||||
if authPrefixFields[0] != authHeaderPrefix {
|
||||
return nil, errors.New("Missing fields is Auth header")
|
||||
}
|
||||
credentials := strings.Split(authPrefixFields[1], "=")
|
||||
if len(credentials) != 2 {
|
||||
return nil, errors.New("Missing fields in Auth header")
|
||||
}
|
||||
signature := authFields[3]
|
||||
a.credential = strings.Split(credentials, "=")[1]
|
||||
a.signedheaders = strings.Split(signedheaders, "=")[1]
|
||||
a.signature = strings.Split(signature, "=")[1]
|
||||
signedheaders := strings.Split(authFields[1], "=")
|
||||
if len(signedheaders) != 2 {
|
||||
return nil, errors.New("Missing fields in Auth header")
|
||||
}
|
||||
signature := strings.Split(authFields[2], "=")
|
||||
if len(signature) != 2 {
|
||||
return nil, errors.New("Missing fields in Auth header")
|
||||
}
|
||||
a.credential = credentials[1]
|
||||
a.signedheaders = signedheaders[1]
|
||||
a.signature = signature[1]
|
||||
a.accessKey = strings.Split(a.credential, "/")[0]
|
||||
if !keys.IsValidAccessKey(a.accessKey) {
|
||||
return nil, errors.New("Invalid access key")
|
||||
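Review bot: The rewritten parser in stripAuth takes the three comma-separated fields by position and never checks the key to the left of each `=`, so, as far as the visible lines show, a header with misnamed or reordered fields is parsed as well-formed and the wrong value can land in `a.credential`, `a.signedheaders` or `a.signature`. Each split should also be checked against its expected name, for example `if len(credentials) != 2 || strings.TrimSpace(credentials[0]) != "Credential" {`, and likewise for `SignedHeaders` and `Signature`. The prefix-mismatch branch returns `"Missing fields is Auth header"`, which has a typo and reports the wrong cause; a message naming the unsupported signing algorithm would help whoever reads the logs. The `+`/`-` markers are lost on this page, so which lines are new is inferred from the hunk header, and stripAuth continues past the end of the hunk.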
|
@ -39,6 +39,7 @@ type LogMessage struct {
|
||||
StartTime time.Time
|
||||
Duration time.Duration
|
||||
Status int
|
||||
StatusText string
|
||||
ResponseHeaders http.Header
|
||||
}
|
||||
|
||||
@ -50,6 +51,7 @@ type LogWriter struct {
|
||||
|
||||
// WriteHeader writes headers and stores status in LogMessage
|
||||
func (w *LogWriter) WriteHeader(status int) {
|
||||
w.LogMessage.StatusText = http.StatusText(status)
|
||||
w.LogMessage.Status = status
|
||||
w.ResponseWriter.WriteHeader(status)
|
||||
}
|
||||
@ -69,12 +71,12 @@ func (h *logHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
|
||||
StartTime: time.Now().UTC(),
|
||||
}
|
||||
logWriter := &LogWriter{ResponseWriter: w, LogMessage: logMessage}
|
||||
h.Handler.ServeHTTP(logWriter, req)
|
||||
logMessage.ResponseHeaders = w.Header()
|
||||
logMessage.Request = req
|
||||
logMessage.Duration = time.Now().UTC().Sub(logMessage.StartTime)
|
||||
js, _ := json.Marshal(logMessage)
|
||||
h.Logger <- string(js)
|
||||
h.Handler.ServeHTTP(logWriter, req)
|
||||
}
|
||||
|
||||
// LogHandler logs requests
|
||||
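Review bot: In logHandler.ServeHTTP the whole request is stored with `logMessage.Request = req` and then passed to `json.Marshal`, so if that field is exported (the struct hunk does not show it) the request headers, including the `Authorization` value, are written to the log channel. Logging a copy with that header redacted, or only the method, URL and a chosen set of headers, would keep signatures and access keys out of log storage. The marshal error is also dropped in `js, _ := json.Marshal(logMessage)`, so a request that fails to encode is logged as an empty string; check `err` and emit a fallback entry instead. Which of the two `h.Handler.ServeHTTP(logWriter, req)` lines is the new one cannot be told from this page because the markers are lost.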
|