Validate incoming requests (#7234)

6 years ago · 14544d8d84
parent 118270d76f
commit 14544d8d84
2 changed files with 11 additions and 1 deletions
--- a/cmd/storage-rest-common.go
+++ b/cmd/storage-rest-common.go
@ -16,7 +16,7 @@

 package cmd

-const storageRESTVersion = "v3"
+const storageRESTVersion = "v4"
 const storageRESTPath = minioReservedBucketPath + "/storage/" + storageRESTVersion + "/"

 const (
--- a/cmd/storage-rest-server.go
+++ b/cmd/storage-rest-server.go
@ -43,8 +43,18 @@ func (s *storageRESTServer) writeErrorResponse(w http.ResponseWriter, err error)
 	w.Write([]byte(err.Error()))
 }

+// Authenticates storage client's requests.
+func storageServerRequestAuthenticate(r *http.Request) error {
+	_, _, err := webRequestAuthenticate(r)
+	return err
+}
+
 // IsValid - To authenticate and verify the time difference.
 func (s *storageRESTServer) IsValid(w http.ResponseWriter, r *http.Request) bool {
+	if err := storageServerRequestAuthenticate(r); err != nil {
+		w.WriteHeader(http.StatusForbidden)
+		return false
+	}
 	requestTimeStr := r.Header.Get("X-Minio-Time")
 	requestTime, err := time.Parse(time.RFC3339, requestTimeStr)
 	if err != nil {