We use cookies to ensure you get the best experience on our website
首页 发现 帮助
注册 登录
0ct0pu5
/
moby
1
0
派生 0
文件 工单管理 0 合并请求 0 Wiki
目录树: cdb8ea90b0
分支列表 标签列表
moby
/
pkg
/
authorization
/
middleware.go

middleware.go 2.4 KB
文件历史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384 
  1. package authorization
    2. 

  2. 

  3. import (
    4. 

  4. 	"net/http"
    5. 

  5. 	"sync"
    6. 

  6. 

  7. 	"github.com/Sirupsen/logrus"
    8. 

  8. 	"github.com/docker/docker/pkg/plugingetter"
    9. 

  9. 	"golang.org/x/net/context"
    10. 

  10. )
    11. 

  11. 

  12. // Middleware uses a list of plugins to
    13. 

  13. // handle authorization in the API requests.
    14. 

  14. type Middleware struct {
    15. 

  15. 	mu      sync.Mutex
    16. 

  16. 	plugins []Plugin
    17. 

  17. }
    18. 

  18. 

  19. // NewMiddleware creates a new Middleware
    20. 

  20. // with a slice of plugins names.
    21. 

  21. func NewMiddleware(names []string, pg plugingetter.PluginGetter) *Middleware {
    22. 

  22. 	SetPluginGetter(pg)
    23. 

  23. 	return &Middleware{
    24. 

  24. 		plugins: newPlugins(names),
    25. 

  25. 	}
    26. 

  26. }
    27. 

  27. 

  28. // SetPlugins sets the plugin used for authorization
    29. 

  29. func (m *Middleware) SetPlugins(names []string) {
    30. 

  30. 	m.mu.Lock()
    31. 

  31. 	m.plugins = newPlugins(names)
    32. 

  32. 	m.mu.Unlock()
    33. 

  33. }
    34. 

  34. 

  35. // WrapHandler returns a new handler function wrapping the previous one in the request chain.
    36. 

  36. func (m *Middleware) WrapHandler(handler func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error) func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
    37. 

  37. 	return func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
    38. 

  38. 

  39. 		m.mu.Lock()
    40. 

  40. 		plugins := m.plugins
    41. 

  41. 		m.mu.Unlock()
    42. 

  42. 		if len(plugins) == 0 {
    43. 

  43. 			return handler(ctx, w, r, vars)
    44. 

  44. 		}
    45. 

  45. 

  46. 		user := ""
    47. 

  47. 		userAuthNMethod := ""
    48. 

  48. 

  49. 		// Default authorization using existing TLS connection credentials
    50. 

  50. 		// FIXME: Non trivial authorization mechanisms (such as advanced certificate validations, kerberos support
    51. 

  51. 		// and ldap) will be extracted using AuthN feature, which is tracked under:
    52. 

  52. 		// https://github.com/docker/docker/pull/20883
    53. 

  53. 		if r.TLS != nil && len(r.TLS.PeerCertificates) > 0 {
    54. 

  54. 			user = r.TLS.PeerCertificates[0].Subject.CommonName
    55. 

  55. 			userAuthNMethod = "TLS"
    56. 

  56. 		}
    57. 

  57. 

  58. 		authCtx := NewCtx(plugins, user, userAuthNMethod, r.Method, r.RequestURI)
    59. 

  59. 

  60. 		if err := authCtx.AuthZRequest(w, r); err != nil {
    61. 

  61. 			logrus.Errorf("AuthZRequest for %s %s returned error: %s", r.Method, r.RequestURI, err)
    62. 

  62. 			return err
    63. 

  63. 		}
    64. 

  64. 

  65. 		rw := NewResponseModifier(w)
    66. 

  66. 

  67. 		var errD error
    68. 

  68. 

  69. 		if errD = handler(ctx, rw, r, vars); errD != nil {
    70. 

  70. 			logrus.Errorf("Handler for %s %s returned error: %s", r.Method, r.RequestURI, errD)
    71. 

  71. 		}
    72. 

  72. 

  73. 		if err := authCtx.AuthZResponse(rw, r); errD == nil && err != nil {
    74. 

  74. 			logrus.Errorf("AuthZResponse for %s %s returned error: %s", r.Method, r.RequestURI, err)
    75. 

  75. 			return err
    76. 

  76. 		}
    77. 

  77. 

  78. 		if errD != nil {
    79. 

  79. 			return errD
    80. 

  80. 		}
    81. 

  81. 

  82. 		return nil
    83. 

  83. 	}
    84. 

  84. }
    85.

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5