From 68653372ffb5ede71102c02b679dbddb72a20a8d Mon Sep 17 00:00:00 2001 From: andreimarcu Date: Wed, 14 Oct 2015 16:13:29 -0400 Subject: [PATCH] Rename auth header to Linx-Api-Key and remove b64encoding requirement for uploading with keys --- auth.go | 20 ++++---------------- auth_test.go | 6 +++--- server.go | 1 + upload.go | 3 ++- 4 files changed, 10 insertions(+), 20 deletions(-) diff --git a/auth.go b/auth.go index c8de59a..102f892 100644 --- a/auth.go +++ b/auth.go @@ -6,13 +6,11 @@ import ( "log" "net/http" "os" - "strings" "golang.org/x/crypto/scrypt" ) const ( - authPrefix = "Linx " scryptSalt = "linx-server" scryptN = 16384 scryptr = 8 @@ -54,8 +52,8 @@ func readAuthKeys(authFile string) []string { return authKeys } -func checkAuth(authKeys []string, decodedAuth []byte) (result bool, err error) { - checkKey, err := scrypt.Key([]byte(decodedAuth), []byte(scryptSalt), scryptN, scryptr, scryptp, scryptKeyLen) +func checkAuth(authKeys []string, key string) (result bool, err error) { + checkKey, err := scrypt.Key([]byte(key), []byte(scryptSalt), scryptN, scryptr, scryptp, scryptKeyLen) if err != nil { return } @@ -79,19 +77,9 @@ func (a auth) ServeHTTP(w http.ResponseWriter, r *http.Request) { return } - authHeader := r.Header.Get("Authorization") - if !strings.HasPrefix(authHeader, authPrefix) { - a.failureHandler.ServeHTTP(w, r) - return - } - - decodedAuth, err := base64.StdEncoding.DecodeString(authHeader[len(authPrefix):]) - if err != nil { - a.failureHandler.ServeHTTP(w, r) - return - } + key := r.Header.Get("Linx-Api-Key") - result, err := checkAuth(a.authKeys, decodedAuth) + result, err := checkAuth(a.authKeys, key) if err != nil || !result { a.failureHandler.ServeHTTP(w, r) return diff --git a/auth_test.go b/auth_test.go index 9cec2ea..ded98b0 100644 --- a/auth_test.go +++ b/auth_test.go @@ -10,15 +10,15 @@ func TestCheckAuth(t *testing.T) { "vFpNprT9wbHgwAubpvRxYCCpA2FQMAK6hFqPvAGrdZo=", } - if r, err := checkAuth(authKeys, []byte("")); err != nil && r { + if r, err := checkAuth(authKeys, ""); err != nil && r { t.Fatal("Authorization passed for empty key") } - if r, err := checkAuth(authKeys, []byte("thisisnotvalid")); err != nil && r { + if r, err := checkAuth(authKeys, "thisisnotvalid"); err != nil && r { t.Fatal("Authorization passed for invalid key") } - if r, err := checkAuth(authKeys, []byte("haPVipRnGJ0QovA9nyqK")); err != nil && !r { + if r, err := checkAuth(authKeys, "haPVipRnGJ0QovA9nyqK"); err != nil && !r { t.Fatal("Authorization failed for valid key") } } diff --git a/server.go b/server.go index d28bf86..e2fac73 100644 --- a/server.go +++ b/server.go @@ -139,6 +139,7 @@ func setup() *web.Mux { mux.Post("/upload/", uploadPostHandler) mux.Put("/upload", uploadPutHandler) mux.Put("/upload/:name", uploadPutHandler) + mux.Delete("/:name", deleteHandler) mux.Get("/static/*", staticHandler) diff --git a/upload.go b/upload.go index a4a9032..9c14596 100644 --- a/upload.go +++ b/upload.go @@ -139,9 +139,10 @@ func uploadPutHandler(c web.C, w http.ResponseWriter, r *http.Request) { func uploadRemote(c web.C, w http.ResponseWriter, r *http.Request) { if Config.remoteAuthFile != "" { - result, err := checkAuth(remoteAuthKeys, []byte(r.FormValue("key"))) + result, err := checkAuth(remoteAuthKeys, r.FormValue("key")) if err != nil || !result { unauthorizedHandler(c, w, r) + return } } else { // strict referrer checking is mandatory without remote auth keys