Handle authorization header better

master
Harshavardhana 10 years ago
parent 2d5e1d3797
commit 19250296c6
  1. 35
      pkg/api/api_generic_handlers.go
  2. 4
      pkg/api/logging/logging.go

@ -54,6 +54,10 @@ const (
timeFormat = "20060102T150405Z" timeFormat = "20060102T150405Z"
) )
const (
authHeaderPrefix = "AWS4-HMAC-SHA256"
)
// strip auth from authorization header // strip auth from authorization header
func stripAuth(r *http.Request) (*auth, error) { func stripAuth(r *http.Request) (*auth, error) {
authHeader := r.Header.Get("Authorization") authHeader := r.Header.Get("Authorization")
@ -61,23 +65,32 @@ func stripAuth(r *http.Request) (*auth, error) {
return nil, errors.New("Missing auth header") return nil, errors.New("Missing auth header")
} }
a := new(auth) a := new(auth)
authFields := strings.Fields(authHeader) authFields := strings.Split(authHeader, ",")
if len(authFields) < 4 { if len(authFields) != 3 {
return nil, errors.New("Missing fields in Auth header")
}
authPrefixFields := strings.Fields(authFields[0])
if len(authPrefixFields) != 2 {
return nil, errors.New("Missing fields in Auth header")
}
if authPrefixFields[0] != authHeaderPrefix {
return nil, errors.New("Missing fields is Auth header")
}
credentials := strings.Split(authPrefixFields[1], "=")
if len(credentials) != 2 {
return nil, errors.New("Missing fields in Auth header") return nil, errors.New("Missing fields in Auth header")
} }
a.prefix = authFields[0] signedheaders := strings.Split(authFields[1], "=")
credentials := strings.Split(authFields[1], ",")[0] if len(signedheaders) != 2 {
if len(credentials) < 2 {
return nil, errors.New("Missing fields in Auth header") return nil, errors.New("Missing fields in Auth header")
} }
signedheaders := strings.Split(authFields[2], ",")[0] signature := strings.Split(authFields[2], "=")
if len(signedheaders) < 2 { if len(signature) != 2 {
return nil, errors.New("Missing fields in Auth header") return nil, errors.New("Missing fields in Auth header")
} }
signature := authFields[3] a.credential = credentials[1]
a.credential = strings.Split(credentials, "=")[1] a.signedheaders = signedheaders[1]
a.signedheaders = strings.Split(signedheaders, "=")[1] a.signature = signature[1]
a.signature = strings.Split(signature, "=")[1]
a.accessKey = strings.Split(a.credential, "/")[0] a.accessKey = strings.Split(a.credential, "/")[0]
if !keys.IsValidAccessKey(a.accessKey) { if !keys.IsValidAccessKey(a.accessKey) {
return nil, errors.New("Invalid access key") return nil, errors.New("Invalid access key")

@ -39,6 +39,7 @@ type LogMessage struct {
StartTime time.Time StartTime time.Time
Duration time.Duration Duration time.Duration
Status int Status int
StatusText string
ResponseHeaders http.Header ResponseHeaders http.Header
} }
@ -50,6 +51,7 @@ type LogWriter struct {
// WriteHeader writes headers and stores status in LogMessage // WriteHeader writes headers and stores status in LogMessage
func (w *LogWriter) WriteHeader(status int) { func (w *LogWriter) WriteHeader(status int) {
w.LogMessage.StatusText = http.StatusText(status)
w.LogMessage.Status = status w.LogMessage.Status = status
w.ResponseWriter.WriteHeader(status) w.ResponseWriter.WriteHeader(status)
} }
@ -69,12 +71,12 @@ func (h *logHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
StartTime: time.Now().UTC(), StartTime: time.Now().UTC(),
} }
logWriter := &LogWriter{ResponseWriter: w, LogMessage: logMessage} logWriter := &LogWriter{ResponseWriter: w, LogMessage: logMessage}
h.Handler.ServeHTTP(logWriter, req)
logMessage.ResponseHeaders = w.Header() logMessage.ResponseHeaders = w.Header()
logMessage.Request = req logMessage.Request = req
logMessage.Duration = time.Now().UTC().Sub(logMessage.StartTime) logMessage.Duration = time.Now().UTC().Sub(logMessage.StartTime)
js, _ := json.Marshal(logMessage) js, _ := json.Marshal(logMessage)
h.Logger <- string(js) h.Logger <- string(js)
h.Handler.ServeHTTP(logWriter, req)
} }
// LogHandler logs requests // LogHandler logs requests

Loading…
Cancel
Save