mirror of
https://github.com/minio/minio.git
synced 2024-12-24 06:05:55 -05:00
UI: implement SetAuth/GenerateAuth handlers for changing credentials.
This commit is contained in:
parent
186998ad99
commit
5201905ad0
11
routers.go
11
routers.go
@ -48,17 +48,14 @@ func configureServerHandler(filesystem fs.Filesystem) http.Handler {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Initialize minio client for AWS Signature Version '4'
|
// Initialize minio client for AWS Signature Version '4'
|
||||||
disableSSL := !isSSL() // Insecure true when SSL is false.
|
insecure := !isSSL() // Insecure true when SSL is false.
|
||||||
client, e := minio.NewV4(net.JoinHostPort(host, port), cred.AccessKeyID, cred.SecretAccessKey, disableSSL)
|
client, e := minio.NewV4(net.JoinHostPort(host, port), cred.AccessKeyID, cred.SecretAccessKey, insecure)
|
||||||
fatalIf(probe.NewError(e), "Unable to initialize minio client", nil)
|
fatalIf(probe.NewError(e), "Unable to initialize minio client", nil)
|
||||||
|
|
||||||
// Initialize Web.
|
// Initialize Web.
|
||||||
web := &webAPI{
|
web := &webAPI{
|
||||||
FSPath: filesystem.GetRootPath(),
|
FSPath: filesystem.GetRootPath(),
|
||||||
Client: client,
|
Client: client,
|
||||||
apiAddress: addr,
|
|
||||||
accessKeyID: cred.AccessKeyID,
|
|
||||||
secretAccessKey: cred.SecretAccessKey,
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Initialize router.
|
// Initialize router.
|
||||||
|
@ -18,6 +18,7 @@ package main
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"net"
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/url"
|
"net/url"
|
||||||
"os"
|
"os"
|
||||||
@ -33,6 +34,7 @@ import (
|
|||||||
"github.com/gorilla/rpc/v2/json2"
|
"github.com/gorilla/rpc/v2/json2"
|
||||||
"github.com/minio/minio-go"
|
"github.com/minio/minio-go"
|
||||||
"github.com/minio/minio/pkg/disk"
|
"github.com/minio/minio/pkg/disk"
|
||||||
|
"github.com/minio/minio/pkg/probe"
|
||||||
"github.com/minio/miniobrowser"
|
"github.com/minio/miniobrowser"
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -52,6 +54,10 @@ func isJWTReqAuthenticated(req *http.Request) bool {
|
|||||||
return token.Valid
|
return token.Valid
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// GenericArgs - empty struct for calls that don't accept arguments
|
||||||
|
// for ex. ServerInfo, GenerateAuth
|
||||||
|
type GenericArgs struct{}
|
||||||
|
|
||||||
// GenericRep - reply structure for calls for which reply is success/failure
|
// GenericRep - reply structure for calls for which reply is success/failure
|
||||||
// for ex. RemoveObject MakeBucket
|
// for ex. RemoveObject MakeBucket
|
||||||
type GenericRep struct {
|
type GenericRep struct {
|
||||||
@ -210,7 +216,6 @@ func (web *webAPI) ListObjects(r *http.Request, args *ListObjectsArgs, reply *Li
|
|||||||
}
|
}
|
||||||
doneCh := make(chan struct{})
|
doneCh := make(chan struct{})
|
||||||
defer close(doneCh)
|
defer close(doneCh)
|
||||||
|
|
||||||
for object := range web.Client.ListObjects(args.BucketName, args.Prefix, false, doneCh) {
|
for object := range web.Client.ListObjects(args.BucketName, args.Prefix, false, doneCh) {
|
||||||
if object.Err != nil {
|
if object.Err != nil {
|
||||||
return &json2.Error{Message: object.Err.Error()}
|
return &json2.Error{Message: object.Err.Error()}
|
||||||
@ -258,8 +263,8 @@ func (web *webAPI) PutObjectURL(r *http.Request, args *PutObjectURLArgs, reply *
|
|||||||
|
|
||||||
// disableSSL is true if no 'https:' proto is found.
|
// disableSSL is true if no 'https:' proto is found.
|
||||||
disableSSL := (args.TargetProto != "https:")
|
disableSSL := (args.TargetProto != "https:")
|
||||||
|
cred := serverConfig.GetCredential()
|
||||||
client, e := minio.New(args.TargetHost, web.accessKeyID, web.secretAccessKey, disableSSL)
|
client, e := minio.New(args.TargetHost, cred.AccessKeyID, cred.SecretAccessKey, disableSSL)
|
||||||
if e != nil {
|
if e != nil {
|
||||||
return &json2.Error{Message: e.Error()}
|
return &json2.Error{Message: e.Error()}
|
||||||
}
|
}
|
||||||
@ -300,8 +305,8 @@ func (web *webAPI) GetObjectURL(r *http.Request, args *GetObjectURLArgs, reply *
|
|||||||
|
|
||||||
// disableSSL is true if no 'https:' proto is found.
|
// disableSSL is true if no 'https:' proto is found.
|
||||||
disableSSL := (args.TargetProto != "https:")
|
disableSSL := (args.TargetProto != "https:")
|
||||||
|
cred := serverConfig.GetCredential()
|
||||||
client, e := minio.New(args.TargetHost, web.accessKeyID, web.secretAccessKey, disableSSL)
|
client, e := minio.New(args.TargetHost, cred.AccessKeyID, cred.SecretAccessKey, disableSSL)
|
||||||
if e != nil {
|
if e != nil {
|
||||||
return &json2.Error{Message: e.Error()}
|
return &json2.Error{Message: e.Error()}
|
||||||
}
|
}
|
||||||
@ -364,3 +369,77 @@ func (web *webAPI) Login(r *http.Request, args *LoginArgs, reply *LoginRep) erro
|
|||||||
}
|
}
|
||||||
return &json2.Error{Message: "Invalid credentials"}
|
return &json2.Error{Message: "Invalid credentials"}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// GenerateAuthReply - reply for GenerateAuth
|
||||||
|
type GenerateAuthReply struct {
|
||||||
|
AccessKey string `json:"accessKey"`
|
||||||
|
SecretKey string `json:"secretKey"`
|
||||||
|
UIVersion string `json:"uiVersion"`
|
||||||
|
}
|
||||||
|
|
||||||
|
func (web webAPI) GenerateAuth(r *http.Request, args *GenericArgs, reply *GenerateAuthReply) error {
|
||||||
|
if !isJWTReqAuthenticated(r) {
|
||||||
|
return &json2.Error{Message: "Unauthorized request"}
|
||||||
|
}
|
||||||
|
cred := mustGenAccessKeys()
|
||||||
|
reply.AccessKey = cred.AccessKeyID
|
||||||
|
reply.SecretKey = cred.SecretAccessKey
|
||||||
|
reply.UIVersion = miniobrowser.UIVersion
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// SetAuthArgs - argument for SetAuth
|
||||||
|
type SetAuthArgs struct {
|
||||||
|
AccessKey string `json:"accessKey"`
|
||||||
|
SecretKey string `json:"secretKey"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// SetAuthReply - reply for SetAuth
|
||||||
|
type SetAuthReply struct {
|
||||||
|
Token string `json:"token"`
|
||||||
|
UIVersion string `json:"uiVersion"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// SetAuth - Set accessKey and secretKey credentials.
|
||||||
|
func (web *webAPI) SetAuth(r *http.Request, args *SetAuthArgs, reply *SetAuthReply) error {
|
||||||
|
if !isJWTReqAuthenticated(r) {
|
||||||
|
return &json2.Error{Message: "Unauthorized request"}
|
||||||
|
}
|
||||||
|
if args.AccessKey == "" {
|
||||||
|
return &json2.Error{Message: "Empty access key not allowed"}
|
||||||
|
}
|
||||||
|
if args.SecretKey == "" {
|
||||||
|
return &json2.Error{Message: "Empty secret key not allowed"}
|
||||||
|
}
|
||||||
|
cred := credential{args.AccessKey, args.SecretKey}
|
||||||
|
serverConfig.SetCredential(cred)
|
||||||
|
if err := serverConfig.Save(); err != nil {
|
||||||
|
return &json2.Error{Message: err.Cause.Error()}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Split host port.
|
||||||
|
host, port, e := net.SplitHostPort(serverConfig.GetAddr())
|
||||||
|
fatalIf(probe.NewError(e), "Unable to parse web addess.", nil)
|
||||||
|
|
||||||
|
// Default host is 'localhost', if no host present.
|
||||||
|
if host == "" {
|
||||||
|
host = "localhost"
|
||||||
|
}
|
||||||
|
|
||||||
|
client, e := minio.NewV4(net.JoinHostPort(host, port), args.AccessKey, args.SecretKey, !isSSL())
|
||||||
|
if e != nil {
|
||||||
|
return &json2.Error{Message: e.Error()}
|
||||||
|
}
|
||||||
|
web.Client = client
|
||||||
|
jwt := initJWT()
|
||||||
|
if !jwt.Authenticate(args.AccessKey, args.SecretKey) {
|
||||||
|
return &json2.Error{Message: "Invalid credentials"}
|
||||||
|
}
|
||||||
|
token, err := jwt.GenerateToken(args.AccessKey)
|
||||||
|
if err != nil {
|
||||||
|
return &json2.Error{Message: err.Cause.Error()}
|
||||||
|
}
|
||||||
|
reply.Token = token
|
||||||
|
reply.UIVersion = miniobrowser.UIVersion
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
@ -35,12 +35,6 @@ type webAPI struct {
|
|||||||
FSPath string
|
FSPath string
|
||||||
// Minio client instance.
|
// Minio client instance.
|
||||||
Client *minio.Client
|
Client *minio.Client
|
||||||
|
|
||||||
// private params.
|
|
||||||
apiAddress string // api destination address.
|
|
||||||
// credential kept to be used internally.
|
|
||||||
accessKeyID string
|
|
||||||
secretAccessKey string
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// indexHandler - Handler to serve index.html
|
// indexHandler - Handler to serve index.html
|
||||||
|
Loading…
Reference in New Issue
Block a user