Profouzors
/
ProfouzorsLinx
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Rename auth header to Linx-Api-Key and remove 

b64encoding requirement for uploading with keys
This commit is contained in:
andreimarcu 2015-10-14 16:13:29 -04:00
parent 6987edc0d8
commit 68653372ff
4 changed files with 10 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
auth.go
View File

@ -6,13 +6,11 @@ import (
"log" "log"
"net/http" "net/http"
"os" "os"
"strings"
"golang.org/x/crypto/scrypt" "golang.org/x/crypto/scrypt"
) )
const ( const (
authPrefix = "Linx "
scryptSalt = "linx-server" scryptSalt = "linx-server"
scryptN = 16384 scryptN = 16384
scryptr = 8 scryptr = 8
@ -54,8 +52,8 @@ func readAuthKeys(authFile string) []string {
return authKeys return authKeys
} }
func checkAuth(authKeys []string, decodedAuth []byte) (result bool, err error) { func checkAuth(authKeys []string, key string) (result bool, err error) {
checkKey, err := scrypt.Key([]byte(decodedAuth), []byte(scryptSalt), scryptN, scryptr, scryptp, scryptKeyLen) checkKey, err := scrypt.Key([]byte(key), []byte(scryptSalt), scryptN, scryptr, scryptp, scryptKeyLen)
if err != nil { if err != nil {
return return
} }
@ -79,19 +77,9 @@ func (a auth) ServeHTTP(w http.ResponseWriter, r *http.Request) {
return return
} }
authHeader := r.Header.Get("Authorization") key := r.Header.Get("Linx-Api-Key")
if !strings.HasPrefix(authHeader, authPrefix) {
a.failureHandler.ServeHTTP(w, r)
return
}
decodedAuth, err := base64.StdEncoding.DecodeString(authHeader[len(authPrefix):]) result, err := checkAuth(a.authKeys, key)
if err != nil {
a.failureHandler.ServeHTTP(w, r)
return
}
result, err := checkAuth(a.authKeys, decodedAuth)
if err != nil || !result { if err != nil || !result {
a.failureHandler.ServeHTTP(w, r) a.failureHandler.ServeHTTP(w, r)
return return

6
auth_test.go
View File

@ -10,15 +10,15 @@ func TestCheckAuth(t *testing.T) {
"vFpNprT9wbHgwAubpvRxYCCpA2FQMAK6hFqPvAGrdZo=", "vFpNprT9wbHgwAubpvRxYCCpA2FQMAK6hFqPvAGrdZo=",
} }
if r, err := checkAuth(authKeys, []byte("")); err != nil && r { if r, err := checkAuth(authKeys, ""); err != nil && r {
t.Fatal("Authorization passed for empty key") t.Fatal("Authorization passed for empty key")
} }
if r, err := checkAuth(authKeys, []byte("thisisnotvalid")); err != nil && r { if r, err := checkAuth(authKeys, "thisisnotvalid"); err != nil && r {
t.Fatal("Authorization passed for invalid key") t.Fatal("Authorization passed for invalid key")
} }
if r, err := checkAuth(authKeys, []byte("haPVipRnGJ0QovA9nyqK")); err != nil && !r { if r, err := checkAuth(authKeys, "haPVipRnGJ0QovA9nyqK"); err != nil && !r {
t.Fatal("Authorization failed for valid key") t.Fatal("Authorization failed for valid key")
} }
} }

1
server.go
View File

@ -139,6 +139,7 @@ func setup() *web.Mux {
mux.Post("/upload/", uploadPostHandler) mux.Post("/upload/", uploadPostHandler)
mux.Put("/upload", uploadPutHandler) mux.Put("/upload", uploadPutHandler)
mux.Put("/upload/:name", uploadPutHandler) mux.Put("/upload/:name", uploadPutHandler)
mux.Delete("/:name", deleteHandler) mux.Delete("/:name", deleteHandler)
mux.Get("/static/*", staticHandler) mux.Get("/static/*", staticHandler)

3
upload.go
View File

@ -139,9 +139,10 @@ func uploadPutHandler(c web.C, w http.ResponseWriter, r *http.Request) {
func uploadRemote(c web.C, w http.ResponseWriter, r *http.Request) { func uploadRemote(c web.C, w http.ResponseWriter, r *http.Request) {
if Config.remoteAuthFile != "" { if Config.remoteAuthFile != "" {
result, err := checkAuth(remoteAuthKeys, []byte(r.FormValue("key"))) result, err := checkAuth(remoteAuthKeys, r.FormValue("key"))
if err != nil || !result { if err != nil || !result {
unauthorizedHandler(c, w, r) unauthorizedHandler(c, w, r)
return
} }
} else { } else {
// strict referrer checking is mandatory without remote auth keys // strict referrer checking is mandatory without remote auth keys