Rename auth header to Linx-Api-Key and remove

b64encoding requirement for uploading with keys
andreimarcu 2015-10-14 16:13:29 -04:00
parent 6987edc0d8
commit 68653372ff
4 changed files with 10 additions and 20 deletions

20
auth.go

@ -6,13 +6,11 @@ import (
"log"
"net/http"
"os"
"strings"
"golang.org/x/crypto/scrypt"
)
const (
authPrefix = "Linx "
scryptSalt = "linx-server"
scryptN = 16384
scryptr = 8
@ -54,8 +52,8 @@ func readAuthKeys(authFile string) []string {
return authKeys
}
func checkAuth(authKeys []string, decodedAuth []byte) (result bool, err error) {
checkKey, err := scrypt.Key([]byte(decodedAuth), []byte(scryptSalt), scryptN, scryptr, scryptp, scryptKeyLen)
func checkAuth(authKeys []string, key string) (result bool, err error) {
checkKey, err := scrypt.Key([]byte(key), []byte(scryptSalt), scryptN, scryptr, scryptp, scryptKeyLen)
if err != nil {
return
}
@ -79,19 +77,9 @@ func (a auth) ServeHTTP(w http.ResponseWriter, r *http.Request) {
return
}
authHeader := r.Header.Get("Authorization")
if !strings.HasPrefix(authHeader, authPrefix) {
a.failureHandler.ServeHTTP(w, r)
return
}
key := r.Header.Get("Linx-Api-Key")
decodedAuth, err := base64.StdEncoding.DecodeString(authHeader[len(authPrefix):])
if err != nil {
a.failureHandler.ServeHTTP(w, r)
return
}
result, err := checkAuth(a.authKeys, decodedAuth)
result, err := checkAuth(a.authKeys, key)
if err != nil || !result {
a.failureHandler.ServeHTTP(w, r)
return
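Review bot: In ServeHTTP the value read from `Linx-Api-Key` goes to checkAuth without an emptiness check, so, as far as this hunk shows, a request that sends no key at all now costs a full scrypt derivation (scryptN = 16384) before it is rejected. The prefix check this commit removes used to reject such requests before any hashing. A guard ahead of the call, `if key == "" { a.failureHandler.ServeHTTP(w, r); return }`, keeps unauthenticated requests cheap. The same applies to the `r.FormValue("key")` call in uploadRemote, and putting the guard at the top of checkAuth would cover both callers. The bodies of checkAuth and ServeHTTP continue outside the hunks, so how the derived key is compared against authKeys cannot be judged from here.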


@ -10,15 +10,15 @@ func TestCheckAuth(t *testing.T) {
"vFpNprT9wbHgwAubpvRxYCCpA2FQMAK6hFqPvAGrdZo=",
}
if r, err := checkAuth(authKeys, []byte("")); err != nil && r {
if r, err := checkAuth(authKeys, ""); err != nil && r {
t.Fatal("Authorization passed for empty key")
}
if r, err := checkAuth(authKeys, []byte("thisisnotvalid")); err != nil && r {
if r, err := checkAuth(authKeys, "thisisnotvalid"); err != nil && r {
t.Fatal("Authorization passed for invalid key")
}
if r, err := checkAuth(authKeys, []byte("haPVipRnGJ0QovA9nyqK")); err != nil && !r {
if r, err := checkAuth(authKeys, "haPVipRnGJ0QovA9nyqK"); err != nil && !r {
t.Fatal("Authorization failed for valid key")
}
}
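Review bot: The three assertions in TestCheckAuth test `err != nil && r` and `err != nil && !r`, so each can fail only when checkAuth also returns an error. With a nil error a wrong result passes silently, including an invalid key being accepted. Since these lines are being edited anyway, the conditions should become `err != nil || r` for the empty and invalid keys and `err != nil || !r` for the valid key. That way the test actually pins the accept/reject behaviour of the auth check.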


@ -139,6 +139,7 @@ func setup() *web.Mux {
mux.Post("/upload/", uploadPostHandler)
mux.Put("/upload", uploadPutHandler)
mux.Put("/upload/:name", uploadPutHandler)
mux.Delete("/:name", deleteHandler)
mux.Get("/static/*", staticHandler)


@ -139,9 +139,10 @@ func uploadPutHandler(c web.C, w http.ResponseWriter, r *http.Request) {
func uploadRemote(c web.C, w http.ResponseWriter, r *http.Request) {
if Config.remoteAuthFile != "" {
result, err := checkAuth(remoteAuthKeys, []byte(r.FormValue("key")))
result, err := checkAuth(remoteAuthKeys, r.FormValue("key"))
if err != nil || !result {
unauthorizedHandler(c, w, r)
return
}
} else {
// strict referrer checking is mandatory without remote auth keys