mirror of
https://github.com/minio/minio.git
synced 2024-12-25 06:35:56 -05:00
Generate auth now saves in ${HOME}/.minio/users.json, also authHandler verifies request validity
parent
51d2d8e221
commit
8654ddb566
@ -34,7 +34,7 @@ type User struct {
|
||||
// Config auth keys
|
||||
type Config struct {
|
||||
Version string
|
||||
Users map[string]User
|
||||
Users map[string]*User
|
||||
}
|
||||
|
||||
// getAuthConfigPath get donut config file path
|
||||
@ -86,6 +86,7 @@ func LoadConfig() (*Config, error) {
|
||||
}
|
||||
a := &Config{}
|
||||
a.Version = "0.0.1"
|
||||
a.Users = make(map[string]*User)
|
||||
qc, err := quick.New(a)
|
||||
if err != nil {
|
||||
return nil, iodine.New(err, nil)
|
||||
|
@ -21,6 +21,7 @@ import (
|
||||
"net/http"
|
||||
|
||||
jsonrpc "github.com/gorilla/rpc/v2/json"
|
||||
"github.com/minio/minio/pkg/auth"
|
||||
"github.com/minio/minio/pkg/iodine"
|
||||
"github.com/minio/minio/pkg/server/rpc"
|
||||
)
|
||||
@ -110,6 +111,17 @@ func GetAuthKeys(url string) ([]byte, error) {
|
||||
if err := jsonrpc.DecodeClientResponse(resp.Body, &reply); err != nil {
|
||||
return nil, iodine.New(err, nil)
|
||||
}
|
||||
authConfig := &auth.Config{}
|
||||
authConfig.Version = "0.0.1"
|
||||
authConfig.Users = make(map[string]*auth.User)
|
||||
user := &auth.User{}
|
||||
user.Name = "testuser"
|
||||
user.AccessKeyID = reply.AccessKeyID
|
||||
user.SecretAccessKey = reply.SecretAccessKey
|
||||
authConfig.Users[reply.AccessKeyID] = user
|
||||
if err := auth.SaveConfig(authConfig); err != nil {
|
||||
return nil, iodine.New(err, nil)
|
||||
}
|
||||
return json.MarshalIndent(reply, "", "\t")
|
||||
}
|
||||
|
||||
|
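Review bot: GetAuthKeys builds a fresh `auth.Config` holding only the newly generated user and passes it to `auth.SaveConfig`, so if SaveConfig writes the whole file (its body is not part of this hunk), every call replaces users.json and silently drops any users stored earlier. Starting from the existing configuration, e.g. `authConfig, err := auth.LoadConfig()`, and then adding the new entry to `authConfig.Users` would keep earlier keys valid. The name is also fixed by `user.Name = "testuser"`, which looks like a placeholder and should come from the caller. Because the file now holds `SecretAccessKey` in clear text, it is worth confirming that SaveConfig creates it with owner-only permissions such as 0600. The start of GetAuthKeys lies outside the hunk.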
@ -19,14 +19,10 @@ package api
|
||||
import (
|
||||
"errors"
|
||||
"net/http"
|
||||
"os"
|
||||
"os/user"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/minio/minio/pkg/auth"
|
||||
"github.com/minio/minio/pkg/quick"
|
||||
)
|
||||
|
||||
type contentTypeHandler struct {
|
||||
@ -182,57 +178,22 @@ func ValidateAuthHeaderHandler(h http.Handler) http.Handler {
|
||||
return validateAuthHandler{h}
|
||||
}
|
||||
|
||||
// User context
|
||||
type User struct {
|
||||
Version string
|
||||
Name string
|
||||
AccessKey string
|
||||
SecretKey string
|
||||
}
|
||||
|
||||
func getConfigFile() string {
|
||||
u, err := user.Current()
|
||||
if err != nil {
|
||||
return ""
|
||||
}
|
||||
confPath := filepath.Join(u.HomeDir, ".minio")
|
||||
if err := os.MkdirAll(confPath, 0700); err != nil {
|
||||
return ""
|
||||
}
|
||||
return filepath.Join(confPath, "users.json")
|
||||
}
|
||||
|
||||
// validate auth header handler ServeHTTP() wrapper
|
||||
func (h validateAuthHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||||
acceptsContentType := getContentType(r)
|
||||
_, err := stripAuth(r)
|
||||
ah, err := stripAuth(r)
|
||||
switch err.(type) {
|
||||
case nil:
|
||||
users := make(map[string]User)
|
||||
configFile := getConfigFile()
|
||||
if configFile == "" {
|
||||
writeErrorResponse(w, r, InternalError, acceptsContentType, r.URL.Path)
|
||||
return
|
||||
}
|
||||
qconf, err := quick.New(&users)
|
||||
authConfig, err := auth.LoadConfig()
|
||||
if err != nil {
|
||||
writeErrorResponse(w, r, InternalError, acceptsContentType, r.URL.Path)
|
||||
return
|
||||
}
|
||||
if err := qconf.Save(configFile); err != nil {
|
||||
writeErrorResponse(w, r, InternalError, acceptsContentType, r.URL.Path)
|
||||
_, ok := authConfig.Users[ah.accessKey]
|
||||
if !ok {
|
||||
writeErrorResponse(w, r, AccessDenied, acceptsContentType, r.URL.Path)
|
||||
return
|
||||
}
|
||||
if err := qconf.Load(configFile); err != nil {
|
||||
writeErrorResponse(w, r, InternalError, acceptsContentType, r.URL.Path)
|
||||
return
|
||||
}
|
||||
// uncomment this when we have webcli
|
||||
// _, ok := conf.Users[auth.accessKey]
|
||||
//if !ok {
|
||||
// writeErrorResponse(w, r, AccessDenied, acceptsContentType, r.URL.Path)
|
||||
// return
|
||||
//}
|
||||
// Success
|
||||
h.handler.ServeHTTP(w, r)
|
||||
default:
|
||||
|
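Review bot: In ServeHTTP the lookup `_, ok := authConfig.Users[ah.accessKey]` throws the user record away, so the new check only proves that the access key ID is known and never uses the stored secret to verify the request signature. An access key ID travels in the Authorization header and is not a secret, so unless a later handler verifies the signature (none is visible here), any request naming a valid ID is passed on to `h.handler`. Keeping the record with `user, ok := authConfig.Users[ah.accessKey]` and comparing the request's signature against one computed from `user.SecretAccessKey`, using a constant-time comparison, would close that gap. `auth.LoadConfig()` is also called on every request, so caching the parsed configuration and reloading it on change would avoid a disk read per request. The `default:` branch of the switch continues past the end of the hunk.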