oyd
/
minio
6
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add rpc layer authentication.

Browse Source
master
Harshavardhana 8 years ago
parent b4172ad3c8
commit 61af764f8a
6 changed files with 210 additions and 67 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 29
      cmd/signature-jwt.go
  2. 12
      cmd/signature-jwt_test.go
  3. 61
      cmd/storage-rpc-client.go
  4. 43
      cmd/storage-rpc-server-datatypes.go
  5. 119
      cmd/storage-rpc-server.go
  6. 13
      cmd/web-handlers.go

29
cmd/signature-jwt.go
Unescape View File

@ -17,7 +17,7 @@
package cmd package cmd
import ( import (
"fmt" "errors"
"strings" "strings"
"time" "time"
@ -32,24 +32,27 @@ type JWT struct {
credential credential
} }
// Default - each token expires in 10hrs. // Default each token expires in 100yrs.
const ( const (
tokenExpires time.Duration = 10 defaultTokenExpiry time.Duration = time.Hour * 876000 // 100yrs.
) )
// newJWT - returns new JWT object. // newJWT - returns new JWT object.
func newJWT() (*JWT, error) { func newJWT(expiry time.Duration) (*JWT, error) {
if serverConfig == nil { if serverConfig == nil {
return nil, fmt.Errorf("server not initialzed") return nil, errors.New("Server not initialzed")
}
if expiry == 0 {
expiry = defaultTokenExpiry
} }
// Save access, secret keys. // Save access, secret keys.
cred := serverConfig.GetCredential() cred := serverConfig.GetCredential()
if !isValidAccessKey.MatchString(cred.AccessKeyID) { if !isValidAccessKey.MatchString(cred.AccessKeyID) {
return nil, fmt.Errorf("Invalid access key") return nil, errors.New("Invalid access key")
} }
if !isValidSecretKey.MatchString(cred.SecretAccessKey) { if !isValidSecretKey.MatchString(cred.SecretAccessKey) {
return nil, fmt.Errorf("Invalid secret key") return nil, errors.New("Invalid secret key")
} }
return &JWT{cred}, nil return &JWT{cred}, nil
@ -61,13 +64,13 @@ func (jwt *JWT) GenerateToken(accessKey string) (string, error) {
accessKey = strings.TrimSpace(accessKey) accessKey = strings.TrimSpace(accessKey)
if !isValidAccessKey.MatchString(accessKey) { if !isValidAccessKey.MatchString(accessKey) {
return "", fmt.Errorf("Invalid access key") return "", errors.New("Invalid access key")
} }
tUTCNow := time.Now().UTC() tUTCNow := time.Now().UTC()
token := jwtgo.NewWithClaims(jwtgo.SigningMethodHS512, jwtgo.MapClaims{ token := jwtgo.NewWithClaims(jwtgo.SigningMethodHS512, jwtgo.MapClaims{
// Token expires in 10hrs. // Token expires in 10hrs.
"exp": tUTCNow.Add(time.Hour * tokenExpires).Unix(), "exp": tUTCNow.Add(defaultTokenExpiry).Unix(),
"iat": tUTCNow.Unix(), "iat": tUTCNow.Unix(),
"sub": accessKey, "sub": accessKey,
}) })
@ -80,20 +83,20 @@ func (jwt *JWT) Authenticate(accessKey, secretKey string) error {
accessKey = strings.TrimSpace(accessKey) accessKey = strings.TrimSpace(accessKey)
if !isValidAccessKey.MatchString(accessKey) { if !isValidAccessKey.MatchString(accessKey) {
return fmt.Errorf("Invalid access key") return errors.New("Invalid access key")
} }
if !isValidSecretKey.MatchString(secretKey) { if !isValidSecretKey.MatchString(secretKey) {
return fmt.Errorf("Invalid secret key") return errors.New("Invalid secret key")
} }
if accessKey != jwt.AccessKeyID { if accessKey != jwt.AccessKeyID {
return fmt.Errorf("Access key does not match") return errors.New("Access key does not match")
} }
hashedSecretKey, _ := bcrypt.GenerateFromPassword([]byte(jwt.SecretAccessKey), bcrypt.DefaultCost) hashedSecretKey, _ := bcrypt.GenerateFromPassword([]byte(jwt.SecretAccessKey), bcrypt.DefaultCost)
if bcrypt.CompareHashAndPassword(hashedSecretKey, []byte(secretKey)) != nil { if bcrypt.CompareHashAndPassword(hashedSecretKey, []byte(secretKey)) != nil {
return fmt.Errorf("Authentication failed") return errors.New("Authentication failed")
} }
// Success. // Success.

12
cmd/signature-jwt_test.go
Unescape View File

@ -72,11 +72,11 @@ func TestNewJWT(t *testing.T) {
expectedErr error expectedErr error
}{ }{
// Test non-existent config directory. // Test non-existent config directory.
{path.Join(path1, "non-existent-dir"), false, nil, fmt.Errorf("server not initialzed")}, {path.Join(path1, "non-existent-dir"), false, nil, fmt.Errorf("Server not initialzed")},
// Test empty config directory. // Test empty config directory.
{path2, false, nil, fmt.Errorf("server not initialzed")}, {path2, false, nil, fmt.Errorf("Server not initialzed")},
// Test empty config file. // Test empty config file.
{path3, false, nil, fmt.Errorf("server not initialzed")}, {path3, false, nil, fmt.Errorf("Server not initialzed")},
// Test initialized config file. // Test initialized config file.
{path4, true, nil, nil}, {path4, true, nil, nil},
// Test to read already created config file. // Test to read already created config file.
@ -108,7 +108,7 @@ func TestNewJWT(t *testing.T) {
serverConfig.SetCredential(*testCase.cred) serverConfig.SetCredential(*testCase.cred)
} }
_, err := newJWT() _, err := newJWT(defaultWebTokenExpiry)
if testCase.expectedErr != nil { if testCase.expectedErr != nil {
if err == nil { if err == nil {
@ -132,7 +132,7 @@ func TestGenerateToken(t *testing.T) {
} }
defer removeAll(testPath) defer removeAll(testPath)
jwt, err := newJWT() jwt, err := newJWT(defaultWebTokenExpiry)
if err != nil { if err != nil {
t.Fatalf("unable get new JWT, %s", err) t.Fatalf("unable get new JWT, %s", err)
} }
@ -179,7 +179,7 @@ func TestAuthenticate(t *testing.T) {
} }
defer removeAll(testPath) defer removeAll(testPath)
jwt, err := newJWT() jwt, err := newJWT(defaultWebTokenExpiry)
if err != nil { if err != nil {
t.Fatalf("unable get new JWT, %s", err) t.Fatalf("unable get new JWT, %s", err)
} }

61
cmd/storage-rpc-client.go
Unescape View File

@ -17,20 +17,19 @@
package main package main
import ( import (
"net/http" "errors"
"net/rpc" "net/rpc"
"path" "path"
"strconv" "strconv"
"strings" "strings"
"time"
) )
type networkStorage struct { type networkStorage struct {
netScheme string netScheme string
netAddr string netAddr string
netPath string netPath string
rpcClient *rpc.Client rpcClient *rpc.Client
httpClient *http.Client rpcToken string
} }
const ( const (
@ -70,6 +69,25 @@ func toStorageErr(err error) error {
return err return err
} }
// Login rpc client makes an authentication request to the rpc server.
// Receives a session token which will be used for subsequent requests.
// FIXME: Currently these tokens expire in 100yrs.
func loginRPCClient(rpcClient *rpc.Client) (tokenStr string, err error) {
cred := serverConfig.GetCredential()
reply := RPCLoginReply{}
if err = rpcClient.Call("Storage.LoginHandler", RPCLoginArgs{
Username: cred.AccessKeyID,
Password: cred.SecretAccessKey,
}, &reply); err != nil {
return "", err
}
if reply.ServerVersion != minioVersion {
return "", errors.New("Server version mismatch")
}
// Reply back server provided token.
return reply.Token, nil
}
// Initialize new rpc client. // Initialize new rpc client.
func newRPCClient(networkPath string) (StorageAPI, error) { func newRPCClient(networkPath string) (StorageAPI, error) {
// Input validation. // Input validation.
@ -80,15 +98,6 @@ func newRPCClient(networkPath string) (StorageAPI, error) {
// TODO validate netAddr and netPath. // TODO validate netAddr and netPath.
netAddr, netPath := splitNetPath(networkPath) netAddr, netPath := splitNetPath(networkPath)
// Initialize http client.
httpClient := &http.Client{
// Setting a sensible time out of 6minutes to wait for
// response headers. Request is pro-actively cancelled
// after 6minutes if no response was received from server.
Timeout: 6 * time.Minute,
Transport: http.DefaultTransport,
}
// Dial minio rpc storage http path. // Dial minio rpc storage http path.
rpcPath := path.Join(storageRPCPath, netPath) rpcPath := path.Join(storageRPCPath, netPath)
port := getPort(srvConfig.serverAddr) port := getPort(srvConfig.serverAddr)
@ -98,13 +107,18 @@ func newRPCClient(networkPath string) (StorageAPI, error) {
return nil, err return nil, err
} }
token, err := loginRPCClient(rpcClient)
if err != nil {
return nil, err
}
// Initialize network storage. // Initialize network storage.
ndisk := &networkStorage{ ndisk := &networkStorage{
netScheme: "http", // TODO: fix for ssl rpc support. netScheme: "http", // TODO: fix for ssl rpc support.
netAddr: netAddr, netAddr: netAddr,
netPath: netPath, netPath: netPath,
rpcClient: rpcClient, rpcClient: rpcClient,
httpClient: httpClient, rpcToken: token,
} }
// Returns successfully here. // Returns successfully here.
@ -117,7 +131,8 @@ func (n networkStorage) MakeVol(volume string) error {
return errVolumeBusy return errVolumeBusy
} }
reply := GenericReply{} reply := GenericReply{}
if err := n.rpcClient.Call("Storage.MakeVolHandler", volume, &reply); err != nil { args := GenericVolArgs{n.rpcToken, volume}
if err := n.rpcClient.Call("Storage.MakeVolHandler", args, &reply); err != nil {
return toStorageErr(err) return toStorageErr(err)
} }
return nil return nil
@ -129,7 +144,7 @@ func (n networkStorage) ListVols() (vols []VolInfo, err error) {
return nil, errVolumeBusy return nil, errVolumeBusy
} }
ListVols := ListVolsReply{} ListVols := ListVolsReply{}
err = n.rpcClient.Call("Storage.ListVolsHandler", "", &ListVols) err = n.rpcClient.Call("Storage.ListVolsHandler", n.rpcToken, &ListVols)
if err != nil { if err != nil {
return nil, err return nil, err
} }

43
cmd/storage-rpc-server-datatypes.go
Unescape View File

@ -16,12 +16,34 @@
package main package main
// RPCLoginArgs - login username and password for RPC.
type RPCLoginArgs struct {
Username string
Password string
}
// RPCLoginReply - login reply provides generated token to be used
// with subsequent requests.
type RPCLoginReply struct {
Token string
ServerVersion string
}
// GenericReply represents any generic RPC reply. // GenericReply represents any generic RPC reply.
type GenericReply struct{} type GenericReply struct{}
// GenericArgs represents any generic RPC arguments. // GenericArgs represents any generic RPC arguments.
type GenericArgs struct{} type GenericArgs struct{}
// GenericVolArgs - generic volume args.
type GenericVolArgs struct {
// Authentication token generated by Login.
Token string
// Name of the volume.
Vol string
}
// ListVolsReply represents list of vols RPC reply. // ListVolsReply represents list of vols RPC reply.
type ListVolsReply struct { type ListVolsReply struct {
// List of volumes stat information. // List of volumes stat information.
@ -30,6 +52,9 @@ type ListVolsReply struct {
// ReadAllArgs represents read all RPC arguments. // ReadAllArgs represents read all RPC arguments.
type ReadAllArgs struct { type ReadAllArgs struct {
// Authentication token generated by Login.
Token string
// Name of the volume. // Name of the volume.
Vol string Vol string
@ -39,6 +64,9 @@ type ReadAllArgs struct {
// ReadFileArgs represents read file RPC arguments. // ReadFileArgs represents read file RPC arguments.
type ReadFileArgs struct { type ReadFileArgs struct {
// Authentication token generated by Login.
Token string
// Name of the volume. // Name of the volume.
Vol string Vol string
@ -54,6 +82,9 @@ type ReadFileArgs struct {
// AppendFileArgs represents append file RPC arguments. // AppendFileArgs represents append file RPC arguments.
type AppendFileArgs struct { type AppendFileArgs struct {
// Authentication token generated by Login.
Token string
// Name of the volume. // Name of the volume.
Vol string Vol string
@ -66,6 +97,9 @@ type AppendFileArgs struct {
// StatFileArgs represents stat file RPC arguments. // StatFileArgs represents stat file RPC arguments.
type StatFileArgs struct { type StatFileArgs struct {
// Authentication token generated by Login.
Token string
// Name of the volume. // Name of the volume.
Vol string Vol string
@ -75,6 +109,9 @@ type StatFileArgs struct {
// DeleteFileArgs represents delete file RPC arguments. // DeleteFileArgs represents delete file RPC arguments.
type DeleteFileArgs struct { type DeleteFileArgs struct {
// Authentication token generated by Login.
Token string
// Name of the volume. // Name of the volume.
Vol string Vol string
@ -84,6 +121,9 @@ type DeleteFileArgs struct {
// ListDirArgs represents list contents RPC arguments. // ListDirArgs represents list contents RPC arguments.
type ListDirArgs struct { type ListDirArgs struct {
// Authentication token generated by Login.
Token string
// Name of the volume. // Name of the volume.
Vol string Vol string
@ -93,6 +133,9 @@ type ListDirArgs struct {
// RenameFileArgs represents rename file RPC arguments. // RenameFileArgs represents rename file RPC arguments.
type RenameFileArgs struct { type RenameFileArgs struct {
// Authentication token generated by Login.
Token string
// Name of source volume. // Name of source volume.
SrcVol string SrcVol string

119
cmd/storage-rpc-server.go
Unescape View File

@ -17,10 +17,13 @@
package main package main
import ( import (
"errors"
"fmt"
"net/rpc" "net/rpc"
"path" "path"
"strings" "strings"
jwtgo "github.com/dgrijalva/jwt-go"
router "github.com/gorilla/mux" router "github.com/gorilla/mux"
) )
@ -31,15 +34,62 @@ type storageServer struct {
path string path string
} }
// Validates if incoming token is valid.
func isRPCTokenValid(tokenStr string) bool {
jwt, err := newJWT(defaultWebTokenExpiry) // Expiry set to 24Hrs.
if err != nil {
errorIf(err, "Unable to initialize JWT")
return false
}
token, err := jwtgo.Parse(tokenStr, func(token *jwtgo.Token) (interface{}, error) {
if _, ok := token.Method.(*jwtgo.SigningMethodHMAC); !ok {
return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
}
return []byte(jwt.SecretAccessKey), nil
})
if err != nil {
errorIf(err, "Unable to parse JWT token string")
return false
}
// Return if token is valid.
return token.Valid
}
/// Auth operations
// Login - login handler.
func (s *storageServer) LoginHandler(args *RPCLoginArgs, reply *RPCLoginReply) error {
jwt, err := newJWT(defaultTokenExpiry)
if err != nil {
return err
}
if err = jwt.Authenticate(args.Username, args.Password); err != nil {
return err
}
token, err := jwt.GenerateToken(args.Username)
if err != nil {
return err
}
reply.Token = token
reply.ServerVersion = minioVersion
return nil
}
/// Volume operations handlers /// Volume operations handlers
// MakeVolHandler - make vol handler is rpc wrapper for MakeVol operation. // MakeVolHandler - make vol handler is rpc wrapper for MakeVol operation.
func (s *storageServer) MakeVolHandler(arg *string, reply *GenericReply) error { func (s *storageServer) MakeVolHandler(args *GenericVolArgs, reply *GenericReply) error {
return s.storage.MakeVol(*arg) if !isRPCTokenValid(args.Token) {
return errors.New("Invalid token")
}
return s.storage.MakeVol(args.Vol)
} }
// ListVolsHandler - list vols handler is rpc wrapper for ListVols operation. // ListVolsHandler - list vols handler is rpc wrapper for ListVols operation.
func (s *storageServer) ListVolsHandler(arg *string, reply *ListVolsReply) error { func (s *storageServer) ListVolsHandler(token *string, reply *ListVolsReply) error {
if !isRPCTokenValid(*token) {
return errors.New("Invalid token")
}
vols, err := s.storage.ListVols() vols, err := s.storage.ListVols()
if err != nil { if err != nil {
return err return err
@ -49,8 +99,11 @@ func (s *storageServer) ListVolsHandler(arg *string, reply *ListVolsReply) error
} }
// StatVolHandler - stat vol handler is a rpc wrapper for StatVol operation. // StatVolHandler - stat vol handler is a rpc wrapper for StatVol operation.
func (s *storageServer) StatVolHandler(arg *string, reply *VolInfo) error { func (s *storageServer) StatVolHandler(args *GenericVolArgs, reply *VolInfo) error {
volInfo, err := s.storage.StatVol(*arg) if !isRPCTokenValid(args.Token) {
return errors.New("Invalid token")
}
volInfo, err := s.storage.StatVol(args.Vol)
if err != nil { if err != nil {
return err return err
} }
@ -60,15 +113,21 @@ func (s *storageServer) StatVolHandler(arg *string, reply *VolInfo) error {
// DeleteVolHandler - delete vol handler is a rpc wrapper for // DeleteVolHandler - delete vol handler is a rpc wrapper for
// DeleteVol operation. // DeleteVol operation.
func (s *storageServer) DeleteVolHandler(arg *string, reply *GenericReply) error { func (s *storageServer) DeleteVolHandler(args *GenericVolArgs, reply *GenericReply) error {
return s.storage.DeleteVol(*arg) if !isRPCTokenValid(args.Token) {
return errors.New("Invalid token")
}
return s.storage.DeleteVol(args.Vol)
} }
/// File operations /// File operations
// StatFileHandler - stat file handler is rpc wrapper to stat file. // StatFileHandler - stat file handler is rpc wrapper to stat file.
func (s *storageServer) StatFileHandler(arg *StatFileArgs, reply *FileInfo) error { func (s *storageServer) StatFileHandler(args *StatFileArgs, reply *FileInfo) error {
fileInfo, err := s.storage.StatFile(arg.Vol, arg.Path) if !isRPCTokenValid(args.Token) {
return errors.New("Invalid token")
}
fileInfo, err := s.storage.StatFile(args.Vol, args.Path)
if err != nil { if err != nil {
return err return err
} }
@ -77,8 +136,11 @@ func (s *storageServer) StatFileHandler(arg *StatFileArgs, reply *FileInfo) erro
} }
// ListDirHandler - list directory handler is rpc wrapper to list dir. // ListDirHandler - list directory handler is rpc wrapper to list dir.
func (s *storageServer) ListDirHandler(arg *ListDirArgs, reply *[]string) error { func (s *storageServer) ListDirHandler(args *ListDirArgs, reply *[]string) error {
entries, err := s.storage.ListDir(arg.Vol, arg.Path) if !isRPCTokenValid(args.Token) {
return errors.New("Invalid token")
}
entries, err := s.storage.ListDir(args.Vol, args.Path)
if err != nil { if err != nil {
return err return err
} }
@ -87,8 +149,11 @@ func (s *storageServer) ListDirHandler(arg *ListDirArgs, reply *[]string) error
} }
// ReadAllHandler - read all handler is rpc wrapper to read all storage API. // ReadAllHandler - read all handler is rpc wrapper to read all storage API.
func (s *storageServer) ReadAllHandler(arg *ReadFileArgs, reply *[]byte) error { func (s *storageServer) ReadAllHandler(args *ReadFileArgs, reply *[]byte) error {
buf, err := s.storage.ReadAll(arg.Vol, arg.Path) if !isRPCTokenValid(args.Token) {
return errors.New("Invalid token")
}
buf, err := s.storage.ReadAll(args.Vol, args.Path)
if err != nil { if err != nil {
return err return err
} }
@ -97,8 +162,11 @@ func (s *storageServer) ReadAllHandler(arg *ReadFileArgs, reply *[]byte) error {
} }
// ReadFileHandler - read file handler is rpc wrapper to read file. // ReadFileHandler - read file handler is rpc wrapper to read file.
func (s *storageServer) ReadFileHandler(arg *ReadFileArgs, reply *int64) error { func (s *storageServer) ReadFileHandler(args *ReadFileArgs, reply *int64) error {
n, err := s.storage.ReadFile(arg.Vol, arg.Path, arg.Offset, arg.Buffer) if !isRPCTokenValid(args.Token) {
return errors.New("Invalid token")
}
n, err := s.storage.ReadFile(args.Vol, args.Path, args.Offset, args.Buffer)
if err != nil { if err != nil {
return err return err
} }
@ -107,18 +175,27 @@ func (s *storageServer) ReadFileHandler(arg *ReadFileArgs, reply *int64) error {
} }
// AppendFileHandler - append file handler is rpc wrapper to append file. // AppendFileHandler - append file handler is rpc wrapper to append file.
func (s *storageServer) AppendFileHandler(arg *AppendFileArgs, reply *GenericReply) error { func (s *storageServer) AppendFileHandler(args *AppendFileArgs, reply *GenericReply) error {
return s.storage.AppendFile(arg.Vol, arg.Path, arg.Buffer) if !isRPCTokenValid(args.Token) {
return errors.New("Invalid token")
}
return s.storage.AppendFile(args.Vol, args.Path, args.Buffer)
} }
// DeleteFileHandler - delete file handler is rpc wrapper to delete file. // DeleteFileHandler - delete file handler is rpc wrapper to delete file.
func (s *storageServer) DeleteFileHandler(arg *DeleteFileArgs, reply *GenericReply) error { func (s *storageServer) DeleteFileHandler(args *DeleteFileArgs, reply *GenericReply) error {
return s.storage.DeleteFile(arg.Vol, arg.Path) if !isRPCTokenValid(args.Token) {
return errors.New("Invalid token")
}
return s.storage.DeleteFile(args.Vol, args.Path)
} }
// RenameFileHandler - rename file handler is rpc wrapper to rename file. // RenameFileHandler - rename file handler is rpc wrapper to rename file.
func (s *storageServer) RenameFileHandler(arg *RenameFileArgs, reply *GenericReply) error { func (s *storageServer) RenameFileHandler(args *RenameFileArgs, reply *GenericReply) error {
return s.storage.RenameFile(arg.SrcVol, arg.SrcPath, arg.DstVol, arg.DstPath) if !isRPCTokenValid(args.Token) {
return errors.New("Invalid token")
}
return s.storage.RenameFile(args.SrcVol, args.SrcPath, args.DstVol, args.DstPath)
} }
// Initialize new storage rpc. // Initialize new storage rpc.

13
cmd/web-handlers.go
Unescape View File

@ -41,7 +41,7 @@ import (
// isJWTReqAuthenticated validates if any incoming request to be a // isJWTReqAuthenticated validates if any incoming request to be a
// valid JWT authenticated request. // valid JWT authenticated request.
func isJWTReqAuthenticated(req *http.Request) bool { func isJWTReqAuthenticated(req *http.Request) bool {
jwt, err := newJWT() jwt, err := newJWT(defaultWebTokenExpiry)
if err != nil { if err != nil {
errorIf(err, "unable to initialize a new JWT") errorIf(err, "unable to initialize a new JWT")
return false return false
@ -289,9 +289,14 @@ type LoginRep struct {
UIVersion string `json:"uiVersion"` UIVersion string `json:"uiVersion"`
} }
// Default JWT for minio browser expires in 24hrs.
const (
defaultWebTokenExpiry time.Duration = time.Hour * 24 // 24Hrs.
)
// Login - user login handler. // Login - user login handler.
func (web *webAPIHandlers) Login(r *http.Request, args *LoginArgs, reply *LoginRep) error { func (web *webAPIHandlers) Login(r *http.Request, args *LoginArgs, reply *LoginRep) error {
jwt, err := newJWT() jwt, err := newJWT(defaultWebTokenExpiry)
if err != nil { if err != nil {
return &json2.Error{Message: err.Error()} return &json2.Error{Message: err.Error()}
} }
@ -356,7 +361,7 @@ func (web *webAPIHandlers) SetAuth(r *http.Request, args *SetAuthArgs, reply *Se
return &json2.Error{Message: err.Error()} return &json2.Error{Message: err.Error()}
} }
jwt, err := newJWT() jwt, err := newJWT(defaultWebTokenExpiry) // JWT Expiry set to 24Hrs.
if err != nil { if err != nil {
return &json2.Error{Message: err.Error()} return &json2.Error{Message: err.Error()}
} }
@ -442,7 +447,7 @@ func (web *webAPIHandlers) Download(w http.ResponseWriter, r *http.Request) {
object := vars["object"] object := vars["object"]
tokenStr := r.URL.Query().Get("token") tokenStr := r.URL.Query().Get("token")
jwt, err := newJWT() jwt, err := newJWT(defaultWebTokenExpiry) // Expiry set to 24Hrs.
if err != nil { if err != nil {
errorIf(err, "error in getting new JWT") errorIf(err, "error in getting new JWT")
return return

Write Preview
Loading…
Cancel
Save