Generate auth now saves in ${HOME}/.minio/users.json, also authHandler verifies request validity

Harshavardhana 2015-07-08 21:10:12 -07:00
parent 51d2d8e221
commit 8654ddb566
3 changed files with 19 additions and 45 deletions


@ -34,7 +34,7 @@ type User struct {
// Config auth keys
type Config struct {
Version string
Users map[string]User
Users map[string]*User
}
// getAuthConfigPath get donut config file path
@ -86,6 +86,7 @@ func LoadConfig() (*Config, error) {
}
a := &Config{}
a.Version = "0.0.1"
a.Users = make(map[string]*User)
qc, err := quick.New(a)
if err != nil {
return nil, iodine.New(err, nil)


@ -21,6 +21,7 @@ import (
"net/http"
jsonrpc "github.com/gorilla/rpc/v2/json"
"github.com/minio/minio/pkg/auth"
"github.com/minio/minio/pkg/iodine"
"github.com/minio/minio/pkg/server/rpc"
)
@ -110,6 +111,17 @@ func GetAuthKeys(url string) ([]byte, error) {
if err := jsonrpc.DecodeClientResponse(resp.Body, &reply); err != nil {
return nil, iodine.New(err, nil)
}
authConfig := &auth.Config{}
authConfig.Version = "0.0.1"
authConfig.Users = make(map[string]*auth.User)
user := &auth.User{}
user.Name = "testuser"
user.AccessKeyID = reply.AccessKeyID
user.SecretAccessKey = reply.SecretAccessKey
authConfig.Users[reply.AccessKeyID] = user
if err := auth.SaveConfig(authConfig); err != nil {
return nil, iodine.New(err, nil)
}
return json.MarshalIndent(reply, "", "\t")
}
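Review bot: The block added to GetAuthKeys builds a brand-new `auth.Config` holding only the freshly generated key and hands it to `auth.SaveConfig`, so if SaveConfig rewrites the whole file (its body is not visible here) every earlier entry in users.json is dropped each time keys are generated. Consider starting from `auth.LoadConfig()` and adding the new user to the loaded map, falling back to an empty config only when no file exists yet. The user name is hard-coded as `"testuser"`, and `reply.AccessKeyID` is used as the map key without a check that it is non-empty; a guard such as `if reply.AccessKeyID == "" || reply.SecretAccessKey == "" { ... }` before the save would keep an empty credential out of the file. Because the secret key is persisted exactly as returned, it is worth confirming that SaveConfig creates users.json with owner-only permissions. GetAuthKeys begins above this hunk.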


@ -19,14 +19,10 @@ package api
import (
"errors"
"net/http"
"os"
"os/user"
"path/filepath"
"strings"
"time"
"github.com/minio/minio/pkg/auth"
"github.com/minio/minio/pkg/quick"
)
type contentTypeHandler struct {
@ -182,57 +178,22 @@ func ValidateAuthHeaderHandler(h http.Handler) http.Handler {
return validateAuthHandler{h}
}
// User context
type User struct {
Version string
Name string
AccessKey string
SecretKey string
}
func getConfigFile() string {
u, err := user.Current()
if err != nil {
return ""
}
confPath := filepath.Join(u.HomeDir, ".minio")
if err := os.MkdirAll(confPath, 0700); err != nil {
return ""
}
return filepath.Join(confPath, "users.json")
}
// validate auth header handler ServeHTTP() wrapper
func (h validateAuthHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
acceptsContentType := getContentType(r)
_, err := stripAuth(r)
ah, err := stripAuth(r)
switch err.(type) {
case nil:
users := make(map[string]User)
configFile := getConfigFile()
if configFile == "" {
writeErrorResponse(w, r, InternalError, acceptsContentType, r.URL.Path)
return
}
qconf, err := quick.New(&users)
authConfig, err := auth.LoadConfig()
if err != nil {
writeErrorResponse(w, r, InternalError, acceptsContentType, r.URL.Path)
return
}
if err := qconf.Save(configFile); err != nil {
writeErrorResponse(w, r, InternalError, acceptsContentType, r.URL.Path)
_, ok := authConfig.Users[ah.accessKey]
if !ok {
writeErrorResponse(w, r, AccessDenied, acceptsContentType, r.URL.Path)
return
}
if err := qconf.Load(configFile); err != nil {
writeErrorResponse(w, r, InternalError, acceptsContentType, r.URL.Path)
return
}
// uncomment this when we have webcli
// _, ok := conf.Users[auth.accessKey]
//if !ok {
// writeErrorResponse(w, r, AccessDenied, acceptsContentType, r.URL.Path)
// return
//}
// Success
h.handler.ServeHTTP(w, r)
default:
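Review bot: The new `case nil:` branch of ServeHTTP only checks that `ah.accessKey` is a key in `authConfig.Users` and discards the entry (`_, ok := ...`), so the stored SecretAccessKey is never compared with anything in the request. Unless a later handler verifies the signature, presenting a known access key ID is enough to pass this check. Keep the looked-up entry, e.g. `user, ok := authConfig.Users[ah.accessKey]` with `if !ok || user == nil`, since the map now holds pointers, and add a comment such as `// TODO: verify the request signature against user.SecretAccessKey` until verification is wired in. `auth.LoadConfig()` is also called on every request, which appears to re-read the config for each one; loading it once and refreshing on change would take that work and its failure mode off the request path. The switch continues past the end of this hunk.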