Generate auth now saves in ${HOME}/.minio/users.json, also authHandler verifies request validity
parent
51d2d8e221
commit
8654ddb566
@ -34,7 +34,7 @@ type User struct {
|
|||||||
// Config auth keys
|
// Config auth keys
|
||||||
type Config struct {
|
type Config struct {
|
||||||
Version string
|
Version string
|
||||||
Users map[string]User
|
Users map[string]*User
|
||||||
}
|
}
|
||||||
|
|
||||||
// getAuthConfigPath get donut config file path
|
// getAuthConfigPath get donut config file path
|
||||||
@ -86,6 +86,7 @@ func LoadConfig() (*Config, error) {
|
|||||||
}
|
}
|
||||||
a := &Config{}
|
a := &Config{}
|
||||||
a.Version = "0.0.1"
|
a.Version = "0.0.1"
|
||||||
|
a.Users = make(map[string]*User)
|
||||||
qc, err := quick.New(a)
|
qc, err := quick.New(a)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, iodine.New(err, nil)
|
return nil, iodine.New(err, nil)
|
||||||
|
@ -21,6 +21,7 @@ import (
|
|||||||
"net/http"
|
"net/http"
|
||||||
|
|
||||||
jsonrpc "github.com/gorilla/rpc/v2/json"
|
jsonrpc "github.com/gorilla/rpc/v2/json"
|
||||||
|
"github.com/minio/minio/pkg/auth"
|
||||||
"github.com/minio/minio/pkg/iodine"
|
"github.com/minio/minio/pkg/iodine"
|
||||||
"github.com/minio/minio/pkg/server/rpc"
|
"github.com/minio/minio/pkg/server/rpc"
|
||||||
)
|
)
|
||||||
@ -110,6 +111,17 @@ func GetAuthKeys(url string) ([]byte, error) {
|
|||||||
if err := jsonrpc.DecodeClientResponse(resp.Body, &reply); err != nil {
|
if err := jsonrpc.DecodeClientResponse(resp.Body, &reply); err != nil {
|
||||||
return nil, iodine.New(err, nil)
|
return nil, iodine.New(err, nil)
|
||||||
}
|
}
|
||||||
|
authConfig := &auth.Config{}
|
||||||
|
authConfig.Version = "0.0.1"
|
||||||
|
authConfig.Users = make(map[string]*auth.User)
|
||||||
|
user := &auth.User{}
|
||||||
|
user.Name = "testuser"
|
||||||
|
user.AccessKeyID = reply.AccessKeyID
|
||||||
|
user.SecretAccessKey = reply.SecretAccessKey
|
||||||
|
authConfig.Users[reply.AccessKeyID] = user
|
||||||
|
if err := auth.SaveConfig(authConfig); err != nil {
|
||||||
|
return nil, iodine.New(err, nil)
|
||||||
|
}
|
||||||
return json.MarshalIndent(reply, "", "\t")
|
return json.MarshalIndent(reply, "", "\t")
|
||||||
}
|
}
|
||||||
|
|
||||||
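Review bot: The block added to GetAuthKeys builds a brand-new `auth.Config` holding only the freshly generated key and passes it to `auth.SaveConfig`, so if SaveConfig rewrites the whole file (its body is not in this diff), every run discards the users already in `users.json`. Loading the existing config first with `authConfig, err := auth.LoadConfig()` and then adding the new entry would keep earlier keys valid. The user name is hard-coded as `"testuser"`; taking it as a parameter, or marking it `// TODO: placeholder name until user management exists`, would make the intent explicit. Because the file now stores `SecretAccessKey` in clear text, confirm that SaveConfig creates it with owner-only permissions (0600), in line with the 0700 that the removed getConfigFile used for the directory. The body of GetAuthKeys starts outside the hunk.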
|
@ -19,14 +19,10 @@ package api
|
|||||||
import (
|
import (
|
||||||
"errors"
|
"errors"
|
||||||
"net/http"
|
"net/http"
|
||||||
"os"
|
|
||||||
"os/user"
|
|
||||||
"path/filepath"
|
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/minio/minio/pkg/auth"
|
"github.com/minio/minio/pkg/auth"
|
||||||
"github.com/minio/minio/pkg/quick"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
type contentTypeHandler struct {
|
type contentTypeHandler struct {
|
||||||
@ -182,57 +178,22 @@ func ValidateAuthHeaderHandler(h http.Handler) http.Handler {
|
|||||||
return validateAuthHandler{h}
|
return validateAuthHandler{h}
|
||||||
}
|
}
|
||||||
|
|
||||||
// User context
|
|
||||||
type User struct {
|
|
||||||
Version string
|
|
||||||
Name string
|
|
||||||
AccessKey string
|
|
||||||
SecretKey string
|
|
||||||
}
|
|
||||||
|
|
||||||
func getConfigFile() string {
|
|
||||||
u, err := user.Current()
|
|
||||||
if err != nil {
|
|
||||||
return ""
|
|
||||||
}
|
|
||||||
confPath := filepath.Join(u.HomeDir, ".minio")
|
|
||||||
if err := os.MkdirAll(confPath, 0700); err != nil {
|
|
||||||
return ""
|
|
||||||
}
|
|
||||||
return filepath.Join(confPath, "users.json")
|
|
||||||
}
|
|
||||||
|
|
||||||
// validate auth header handler ServeHTTP() wrapper
|
// validate auth header handler ServeHTTP() wrapper
|
||||||
func (h validateAuthHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
func (h validateAuthHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||||||
acceptsContentType := getContentType(r)
|
acceptsContentType := getContentType(r)
|
||||||
_, err := stripAuth(r)
|
ah, err := stripAuth(r)
|
||||||
switch err.(type) {
|
switch err.(type) {
|
||||||
case nil:
|
case nil:
|
||||||
users := make(map[string]User)
|
authConfig, err := auth.LoadConfig()
|
||||||
configFile := getConfigFile()
|
|
||||||
if configFile == "" {
|
|
||||||
writeErrorResponse(w, r, InternalError, acceptsContentType, r.URL.Path)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
qconf, err := quick.New(&users)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
writeErrorResponse(w, r, InternalError, acceptsContentType, r.URL.Path)
|
writeErrorResponse(w, r, InternalError, acceptsContentType, r.URL.Path)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if err := qconf.Save(configFile); err != nil {
|
_, ok := authConfig.Users[ah.accessKey]
|
||||||
writeErrorResponse(w, r, InternalError, acceptsContentType, r.URL.Path)
|
if !ok {
|
||||||
|
writeErrorResponse(w, r, AccessDenied, acceptsContentType, r.URL.Path)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if err := qconf.Load(configFile); err != nil {
|
|
||||||
writeErrorResponse(w, r, InternalError, acceptsContentType, r.URL.Path)
|
|
||||||
return
|
|
||||||
}
|
|
||||||
// uncomment this when we have webcli
|
|
||||||
// _, ok := conf.Users[auth.accessKey]
|
|
||||||
//if !ok {
|
|
||||||
// writeErrorResponse(w, r, AccessDenied, acceptsContentType, r.URL.Path)
|
|
||||||
// return
|
|
||||||
//}
|
|
||||||
// Success
|
// Success
|
||||||
h.handler.ServeHTTP(w, r)
|
h.handler.ServeHTTP(w, r)
|
||||||
default:
|
default:
|
||||||
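Review bot: In the `case nil:` branch of ServeHTTP the request is passed on as soon as `authConfig.Users[ah.accessKey]` has an entry, and the stored secret is never compared against anything in the visible lines, so a known access key ID alone is enough to get through this handler. Unless stripAuth or a later handler verifies the request signature (neither is shown here), keep the looked-up user for that check with `user, ok := authConfig.Users[ah.accessKey]`, or document the gap with `// TODO: access key presence only; signature is not verified yet`. `auth.LoadConfig()` also runs on every request, which presumably re-reads users.json each time and turns any read failure into InternalError for all clients; loading the config once and holding it in the handler would avoid that. The switch continues past `default:` outside the hunk.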
|