mirror of
https://github.com/minio/minio.git
synced 2024-12-24 22:25:54 -05:00
return different status code for internode communication (#17655)
mc admin trace -a will be able to quickly show 401 Unauthorized header to pinpoint trivial issues between nodes, such as wrong root credentials and skewed time.
This commit is contained in:
parent
3e196fa7b3
commit
df29d25e6b
@ -46,6 +46,8 @@ var (
|
||||
errAccessKeyDisabled = errors.New("The access key you provided is disabled")
|
||||
errAuthentication = errors.New("Authentication failed, check your access credentials")
|
||||
errNoAuthToken = errors.New("JWT token missing")
|
||||
errSkewedAuthTime = errors.New("Skewed authenticationdate/time")
|
||||
errMalformedAuth = errors.New("Malformed authentication input")
|
||||
)
|
||||
|
||||
// cachedAuthenticateNode will cache authenticateNode results for given values up to ttl.
|
||||
|
@ -56,9 +56,15 @@ type storageRESTServer struct {
|
||||
}
|
||||
|
||||
func (s *storageRESTServer) writeErrorResponse(w http.ResponseWriter, err error) {
|
||||
if errors.Is(err, errDiskStale) {
|
||||
err = unwrapAll(err)
|
||||
switch err {
|
||||
case errDiskStale:
|
||||
w.WriteHeader(http.StatusPreconditionFailed)
|
||||
} else {
|
||||
case errFileNotFound, errFileVersionNotFound:
|
||||
w.WriteHeader(http.StatusNotFound)
|
||||
case errInvalidAccessKeyID, errAccessKeyDisabled, errNoAuthToken, errMalformedAuth, errAuthentication, errSkewedAuthTime:
|
||||
w.WriteHeader(http.StatusUnauthorized)
|
||||
default:
|
||||
w.WriteHeader(http.StatusForbidden)
|
||||
}
|
||||
w.Write([]byte(err.Error()))
|
||||
@ -74,7 +80,7 @@ func storageServerRequestValidate(r *http.Request) error {
|
||||
if err == jwtreq.ErrNoTokenInRequest {
|
||||
return errNoAuthToken
|
||||
}
|
||||
return err
|
||||
return errMalformedAuth
|
||||
}
|
||||
|
||||
claims := xjwt.NewStandardClaims()
|
||||
@ -94,7 +100,7 @@ func storageServerRequestValidate(r *http.Request) error {
|
||||
requestTimeStr := r.Header.Get("X-Minio-Time")
|
||||
requestTime, err := time.Parse(time.RFC3339, requestTimeStr)
|
||||
if err != nil {
|
||||
return err
|
||||
return errMalformedAuth
|
||||
}
|
||||
utcNow := UTCNow()
|
||||
delta := requestTime.Sub(utcNow)
|
||||
@ -102,7 +108,7 @@ func storageServerRequestValidate(r *http.Request) error {
|
||||
delta *= -1
|
||||
}
|
||||
if delta > DefaultSkewTime {
|
||||
return fmt.Errorf("client time %v is too apart with server time %v", requestTime, utcNow)
|
||||
return errSkewedAuthTime
|
||||
}
|
||||
|
||||
return nil
|
||||
|
Loading…
Reference in New Issue
Block a user