diff --git a/pkg/api/api_generic_handlers.go b/pkg/api/api_generic_handlers.go index 139a12cc3..4b2e224a3 100644 --- a/pkg/api/api_generic_handlers.go +++ b/pkg/api/api_generic_handlers.go @@ -54,6 +54,10 @@ const ( timeFormat = "20060102T150405Z" ) +const ( + authHeaderPrefix = "AWS4-HMAC-SHA256" +) + // strip auth from authorization header func stripAuth(r *http.Request) (*auth, error) { authHeader := r.Header.Get("Authorization") @@ -61,23 +65,32 @@ func stripAuth(r *http.Request) (*auth, error) { return nil, errors.New("Missing auth header") } a := new(auth) - authFields := strings.Fields(authHeader) - if len(authFields) < 4 { + authFields := strings.Split(authHeader, ",") + if len(authFields) != 3 { return nil, errors.New("Missing fields in Auth header") } - a.prefix = authFields[0] - credentials := strings.Split(authFields[1], ",")[0] - if len(credentials) < 2 { + authPrefixFields := strings.Fields(authFields[0]) + if len(authPrefixFields) != 2 { return nil, errors.New("Missing fields in Auth header") } - signedheaders := strings.Split(authFields[2], ",")[0] - if len(signedheaders) < 2 { + if authPrefixFields[0] != authHeaderPrefix { + return nil, errors.New("Missing fields is Auth header") + } + credentials := strings.Split(authPrefixFields[1], "=") + if len(credentials) != 2 { return nil, errors.New("Missing fields in Auth header") } - signature := authFields[3] - a.credential = strings.Split(credentials, "=")[1] - a.signedheaders = strings.Split(signedheaders, "=")[1] - a.signature = strings.Split(signature, "=")[1] + signedheaders := strings.Split(authFields[1], "=") + if len(signedheaders) != 2 { + return nil, errors.New("Missing fields in Auth header") + } + signature := strings.Split(authFields[2], "=") + if len(signature) != 2 { + return nil, errors.New("Missing fields in Auth header") + } + a.credential = credentials[1] + a.signedheaders = signedheaders[1] + a.signature = signature[1] a.accessKey = strings.Split(a.credential, "/")[0] if !keys.IsValidAccessKey(a.accessKey) { return nil, errors.New("Invalid access key") diff --git a/pkg/api/logging/logging.go b/pkg/api/logging/logging.go index b66270b2b..88ef3b117 100644 --- a/pkg/api/logging/logging.go +++ b/pkg/api/logging/logging.go @@ -39,6 +39,7 @@ type LogMessage struct { StartTime time.Time Duration time.Duration Status int + StatusText string ResponseHeaders http.Header } @@ -50,6 +51,7 @@ type LogWriter struct { // WriteHeader writes headers and stores status in LogMessage func (w *LogWriter) WriteHeader(status int) { + w.LogMessage.StatusText = http.StatusText(status) w.LogMessage.Status = status w.ResponseWriter.WriteHeader(status) } @@ -69,12 +71,12 @@ func (h *logHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) { StartTime: time.Now().UTC(), } logWriter := &LogWriter{ResponseWriter: w, LogMessage: logMessage} + h.Handler.ServeHTTP(logWriter, req) logMessage.ResponseHeaders = w.Header() logMessage.Request = req logMessage.Duration = time.Now().UTC().Sub(logMessage.StartTime) js, _ := json.Marshal(logMessage) h.Logger <- string(js) - h.Handler.ServeHTTP(logWriter, req) } // LogHandler logs requests