Rename auth header to Linx-Api-Key and remove

b64encoding requirement for uploading with keys
9 years ago · 68653372ff
4 changed files with 10 additions and 20 deletions
--- a/auth.go
+++ b/auth.go
@ -6,13 +6,11 @@ import (
 	"log"
 	"net/http"
 	"os"
 	"strings"
 	"golang.org/x/crypto/scrypt"
 )
 const (
 	authPrefix   = "Linx "
 	scryptSalt   = "linx-server"
 	scryptN      = 16384
 	scryptr      = 8
@ -54,8 +52,8 @@ func readAuthKeys(authFile string) []string {
 	return authKeys
 }
 func checkAuth(authKeys []string, decodedAuth []byte) (result bool, err error) {
 	checkKey, err := scrypt.Key([]byte(decodedAuth), []byte(scryptSalt), scryptN, scryptr, scryptp, scryptKeyLen)
 func checkAuth(authKeys []string, key string) (result bool, err error) {
 	checkKey, err := scrypt.Key([]byte(key), []byte(scryptSalt), scryptN, scryptr, scryptp, scryptKeyLen)
 	if err != nil {
 		return
 	}
@ -79,19 +77,9 @@ func (a auth) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	authHeader := r.Header.Get("Authorization")
 	if !strings.HasPrefix(authHeader, authPrefix) {
 		a.failureHandler.ServeHTTP(w, r)
 		return
 	}
 	decodedAuth, err := base64.StdEncoding.DecodeString(authHeader[len(authPrefix):])
 	if err != nil {
 		a.failureHandler.ServeHTTP(w, r)
 		return
 	}
 	key := r.Header.Get("Linx-Api-Key")
 	result, err := checkAuth(a.authKeys, decodedAuth)
 	result, err := checkAuth(a.authKeys, key)
 	if err != nil || !result {
 		a.failureHandler.ServeHTTP(w, r)
 		return
--- a/auth_test.go
+++ b/auth_test.go
@ -10,15 +10,15 @@ func TestCheckAuth(t *testing.T) {
 		"vFpNprT9wbHgwAubpvRxYCCpA2FQMAK6hFqPvAGrdZo=",
 	}
 	if r, err := checkAuth(authKeys, []byte("")); err != nil && r {
 	if r, err := checkAuth(authKeys, ""); err != nil && r {
 		t.Fatal("Authorization passed for empty key")
 	}
 	if r, err := checkAuth(authKeys, []byte("thisisnotvalid")); err != nil && r {
 	if r, err := checkAuth(authKeys, "thisisnotvalid"); err != nil && r {
 		t.Fatal("Authorization passed for invalid key")
 	}
 	if r, err := checkAuth(authKeys, []byte("haPVipRnGJ0QovA9nyqK")); err != nil && !r {
 	if r, err := checkAuth(authKeys, "haPVipRnGJ0QovA9nyqK"); err != nil && !r {
 		t.Fatal("Authorization failed for valid key")
 	}
 }
--- a/server.go
+++ b/server.go
@ -139,6 +139,7 @@ func setup() *web.Mux {
 	mux.Post("/upload/", uploadPostHandler)
 	mux.Put("/upload", uploadPutHandler)
 	mux.Put("/upload/:name", uploadPutHandler)
 	mux.Delete("/:name", deleteHandler)
 	mux.Get("/static/*", staticHandler)
--- a/upload.go
+++ b/upload.go
@ -139,9 +139,10 @@ func uploadPutHandler(c web.C, w http.ResponseWriter, r *http.Request) {
 func uploadRemote(c web.C, w http.ResponseWriter, r *http.Request) {
 	if Config.remoteAuthFile != "" {
 		result, err := checkAuth(remoteAuthKeys, []byte(r.FormValue("key")))
 		result, err := checkAuth(remoteAuthKeys, r.FormValue("key"))
 		if err != nil || !result {
 			unauthorizedHandler(c, w, r)
 			return
 		}
 	} else {
 		// strict referrer checking is mandatory without remote auth keys