Docker
/
linx-server
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Browse Source

Rename auth header to Linx-Api-Key and remove 

b64encoding requirement for uploading with keys
pull/73/head
andreimarcu 9 years ago
parent
6987edc0d8
commit
68653372ff
4 changed files with 10 additions and 20 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 20
      auth.go
  2. 6
      auth_test.go
  3. 1
      server.go
  4. 3
      upload.go

20
auth.go
View File

@ -6,13 +6,11 @@ import (
"log"
"net/http"
"os"
"strings"
"golang.org/x/crypto/scrypt"
)
const (
authPrefix = "Linx "
scryptSalt = "linx-server"
scryptN = 16384
scryptr = 8
@ -54,8 +52,8 @@ func readAuthKeys(authFile string) []string {
return authKeys
}
func checkAuth(authKeys []string, decodedAuth []byte) (result bool, err error) {
checkKey, err := scrypt.Key([]byte(decodedAuth), []byte(scryptSalt), scryptN, scryptr, scryptp, scryptKeyLen)
func checkAuth(authKeys []string, key string) (result bool, err error) {
checkKey, err := scrypt.Key([]byte(key), []byte(scryptSalt), scryptN, scryptr, scryptp, scryptKeyLen)
if err != nil {
return
}
@ -79,19 +77,9 @@ func (a auth) ServeHTTP(w http.ResponseWriter, r *http.Request) {
return
}
authHeader := r.Header.Get("Authorization")
if !strings.HasPrefix(authHeader, authPrefix) {
a.failureHandler.ServeHTTP(w, r)
return
}
decodedAuth, err := base64.StdEncoding.DecodeString(authHeader[len(authPrefix):])
if err != nil {
a.failureHandler.ServeHTTP(w, r)
return
}
key := r.Header.Get("Linx-Api-Key")
result, err := checkAuth(a.authKeys, decodedAuth)
result, err := checkAuth(a.authKeys, key)
if err != nil || !result {
a.failureHandler.ServeHTTP(w, r)
return

6
auth_test.go
View File

@ -10,15 +10,15 @@ func TestCheckAuth(t *testing.T) {
"vFpNprT9wbHgwAubpvRxYCCpA2FQMAK6hFqPvAGrdZo=",
}
if r, err := checkAuth(authKeys, []byte("")); err != nil && r {
if r, err := checkAuth(authKeys, ""); err != nil && r {
t.Fatal("Authorization passed for empty key")
}
if r, err := checkAuth(authKeys, []byte("thisisnotvalid")); err != nil && r {
if r, err := checkAuth(authKeys, "thisisnotvalid"); err != nil && r {
t.Fatal("Authorization passed for invalid key")
}
if r, err := checkAuth(authKeys, []byte("haPVipRnGJ0QovA9nyqK")); err != nil && !r {
if r, err := checkAuth(authKeys, "haPVipRnGJ0QovA9nyqK"); err != nil && !r {
t.Fatal("Authorization failed for valid key")
}
}

1
server.go
View File

@ -139,6 +139,7 @@ func setup() *web.Mux {
mux.Post("/upload/", uploadPostHandler)
mux.Put("/upload", uploadPutHandler)
mux.Put("/upload/:name", uploadPutHandler)
mux.Delete("/:name", deleteHandler)
mux.Get("/static/*", staticHandler)

3
upload.go
View File

@ -139,9 +139,10 @@ func uploadPutHandler(c web.C, w http.ResponseWriter, r *http.Request) {
func uploadRemote(c web.C, w http.ResponseWriter, r *http.Request) {
if Config.remoteAuthFile != "" {
result, err := checkAuth(remoteAuthKeys, []byte(r.FormValue("key")))
result, err := checkAuth(remoteAuthKeys, r.FormValue("key"))
if err != nil || !result {
unauthorizedHandler(c, w, r)
return
}
} else {
// strict referrer checking is mandatory without remote auth keys

Write Preview
Loading…
Cancel
Save