mirror of
https://github.com/minio/minio.git
synced 2025-01-25 21:53:16 -05:00
Handle authorization header better
parent
2d5e1d3797
commit
19250296c6
@ -54,6 +54,10 @@ const (
|
|||||||
timeFormat = "20060102T150405Z"
|
timeFormat = "20060102T150405Z"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
const (
|
||||||
|
authHeaderPrefix = "AWS4-HMAC-SHA256"
|
||||||
|
)
|
||||||
|
|
||||||
// strip auth from authorization header
|
// strip auth from authorization header
|
||||||
func stripAuth(r *http.Request) (*auth, error) {
|
func stripAuth(r *http.Request) (*auth, error) {
|
||||||
authHeader := r.Header.Get("Authorization")
|
authHeader := r.Header.Get("Authorization")
|
||||||
@ -61,23 +65,32 @@ func stripAuth(r *http.Request) (*auth, error) {
|
|||||||
return nil, errors.New("Missing auth header")
|
return nil, errors.New("Missing auth header")
|
||||||
}
|
}
|
||||||
a := new(auth)
|
a := new(auth)
|
||||||
authFields := strings.Fields(authHeader)
|
authFields := strings.Split(authHeader, ",")
|
||||||
if len(authFields) < 4 {
|
if len(authFields) != 3 {
|
||||||
return nil, errors.New("Missing fields in Auth header")
|
return nil, errors.New("Missing fields in Auth header")
|
||||||
}
|
}
|
||||||
a.prefix = authFields[0]
|
authPrefixFields := strings.Fields(authFields[0])
|
||||||
credentials := strings.Split(authFields[1], ",")[0]
|
if len(authPrefixFields) != 2 {
|
||||||
if len(credentials) < 2 {
|
|
||||||
return nil, errors.New("Missing fields in Auth header")
|
return nil, errors.New("Missing fields in Auth header")
|
||||||
}
|
}
|
||||||
signedheaders := strings.Split(authFields[2], ",")[0]
|
if authPrefixFields[0] != authHeaderPrefix {
|
||||||
if len(signedheaders) < 2 {
|
return nil, errors.New("Missing fields is Auth header")
|
||||||
|
}
|
||||||
|
credentials := strings.Split(authPrefixFields[1], "=")
|
||||||
|
if len(credentials) != 2 {
|
||||||
return nil, errors.New("Missing fields in Auth header")
|
return nil, errors.New("Missing fields in Auth header")
|
||||||
}
|
}
|
||||||
signature := authFields[3]
|
signedheaders := strings.Split(authFields[1], "=")
|
||||||
a.credential = strings.Split(credentials, "=")[1]
|
if len(signedheaders) != 2 {
|
||||||
a.signedheaders = strings.Split(signedheaders, "=")[1]
|
return nil, errors.New("Missing fields in Auth header")
|
||||||
a.signature = strings.Split(signature, "=")[1]
|
}
|
||||||
|
signature := strings.Split(authFields[2], "=")
|
||||||
|
if len(signature) != 2 {
|
||||||
|
return nil, errors.New("Missing fields in Auth header")
|
||||||
|
}
|
||||||
|
a.credential = credentials[1]
|
||||||
|
a.signedheaders = signedheaders[1]
|
||||||
|
a.signature = signature[1]
|
||||||
a.accessKey = strings.Split(a.credential, "/")[0]
|
a.accessKey = strings.Split(a.credential, "/")[0]
|
||||||
if !keys.IsValidAccessKey(a.accessKey) {
|
if !keys.IsValidAccessKey(a.accessKey) {
|
||||||
return nil, errors.New("Invalid access key")
|
return nil, errors.New("Invalid access key")
|
||||||
|
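Review bot: The rewritten parser in stripAuth takes whatever follows `=` in each of the three comma-separated fields purely by position and never checks the key, so a header whose fields are named or ordered differently from `Credential`, `SignedHeaders`, `Signature` is accepted and its values end up in the wrong members of `auth`. Compare the trimmed key before using the value, e.g. `if strings.TrimSpace(signedheaders[0]) != "SignedHeaders" { return nil, errors.New("Missing fields in Auth header") }`, and do the same for the other two. The wrong-prefix branch returns "Missing fields is Auth header", which has a typo and hides the real cause; `errors.New("Unsupported auth header prefix")` would say what was rejected. `a.prefix` is no longer assigned after this change, which matters if code outside the hunk still reads it. The function body continues past the end of the hunk.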
@ -39,6 +39,7 @@ type LogMessage struct {
|
|||||||
StartTime time.Time
|
StartTime time.Time
|
||||||
Duration time.Duration
|
Duration time.Duration
|
||||||
Status int
|
Status int
|
||||||
|
StatusText string
|
||||||
ResponseHeaders http.Header
|
ResponseHeaders http.Header
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -50,6 +51,7 @@ type LogWriter struct {
|
|||||||
|
|
||||||
// WriteHeader writes headers and stores status in LogMessage
|
// WriteHeader writes headers and stores status in LogMessage
|
||||||
func (w *LogWriter) WriteHeader(status int) {
|
func (w *LogWriter) WriteHeader(status int) {
|
||||||
|
w.LogMessage.StatusText = http.StatusText(status)
|
||||||
w.LogMessage.Status = status
|
w.LogMessage.Status = status
|
||||||
w.ResponseWriter.WriteHeader(status)
|
w.ResponseWriter.WriteHeader(status)
|
||||||
}
|
}
|
||||||
@ -69,12 +71,12 @@ func (h *logHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
|
|||||||
StartTime: time.Now().UTC(),
|
StartTime: time.Now().UTC(),
|
||||||
}
|
}
|
||||||
logWriter := &LogWriter{ResponseWriter: w, LogMessage: logMessage}
|
logWriter := &LogWriter{ResponseWriter: w, LogMessage: logMessage}
|
||||||
|
h.Handler.ServeHTTP(logWriter, req)
|
||||||
logMessage.ResponseHeaders = w.Header()
|
logMessage.ResponseHeaders = w.Header()
|
||||||
logMessage.Request = req
|
logMessage.Request = req
|
||||||
logMessage.Duration = time.Now().UTC().Sub(logMessage.StartTime)
|
logMessage.Duration = time.Now().UTC().Sub(logMessage.StartTime)
|
||||||
js, _ := json.Marshal(logMessage)
|
js, _ := json.Marshal(logMessage)
|
||||||
h.Logger <- string(js)
|
h.Logger <- string(js)
|
||||||
h.Handler.ServeHTTP(logWriter, req)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// LogHandler logs requests
|
// LogHandler logs requests
|
||||||
|
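Review bot: `logMessage.Request = req` puts the whole request into the JSON record, so (assuming LogMessage.Request holds the *http.Request, as the assignment suggests) the Authorization header with its access key and signature is written to the log on every call; copy only the fields the log needs, or drop that header from a copy of the headers before marshalling. The encode error is also discarded in `js, _ := json.Marshal(logMessage)`, so a failed marshal sends an empty string to h.Logger with nothing to show why; check the error and log it instead. Separately, Status and StatusText are only set in WriteHeader, so a handler that writes a body without calling it would log a zero status unless LogWriter overrides Write outside this view. ServeHTTP begins before the hunk.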