Generate auth now saves in ${HOME}/.minio/users.json, also authHandler verifies request validity

pkg/auth/config.go

@@ -34,7 +34,7 @@ type User struct {
 // Config auth keys
 type Config struct {
 	Version string
-	Users   map[string]User
+	Users   map[string]*User
 }
 
 // getAuthConfigPath get donut config file path
@@ -86,6 +86,7 @@ func LoadConfig() (*Config, error) {
 	}
 	a := &Config{}
 	a.Version = "0.0.1"
+	a.Users = make(map[string]*User)
 	qc, err := quick.New(a)
 	if err != nil {
 		return nil, iodine.New(err, nil)

pkg/controller/client.go

@@ -21,6 +21,7 @@ import (
 	"net/http"
 
 	jsonrpc "github.com/gorilla/rpc/v2/json"
+	"github.com/minio/minio/pkg/auth"
 	"github.com/minio/minio/pkg/iodine"
 	"github.com/minio/minio/pkg/server/rpc"
 )
@@ -110,6 +111,17 @@ func GetAuthKeys(url string) ([]byte, error) {
 	if err := jsonrpc.DecodeClientResponse(resp.Body, &reply); err != nil {
 		return nil, iodine.New(err, nil)
 	}
+	authConfig := &auth.Config{}
+	authConfig.Version = "0.0.1"
+	authConfig.Users = make(map[string]*auth.User)
+	user := &auth.User{}
+	user.Name = "testuser"
+	user.AccessKeyID = reply.AccessKeyID
+	user.SecretAccessKey = reply.SecretAccessKey
+	authConfig.Users[reply.AccessKeyID] = user
+	if err := auth.SaveConfig(authConfig); err != nil {
+		return nil, iodine.New(err, nil)
+	}
 	return json.MarshalIndent(reply, "", "\t")
 }
 

pkg/server/api/generic-handlers.go

@@ -19,14 +19,10 @@ package api
 import (
 	"errors"
 	"net/http"
-	"os"
-	"os/user"
-	"path/filepath"
 	"strings"
 	"time"
 
 	"github.com/minio/minio/pkg/auth"
-	"github.com/minio/minio/pkg/quick"
 )
 
 type contentTypeHandler struct {
@@ -182,57 +178,22 @@ func ValidateAuthHeaderHandler(h http.Handler) http.Handler {
 	return validateAuthHandler{h}
 }
 
-// User context
-type User struct {
-	Version   string
-	Name      string
-	AccessKey string
-	SecretKey string
-}
-
-func getConfigFile() string {
-	u, err := user.Current()
-	if err != nil {
-		return ""
-	}
-	confPath := filepath.Join(u.HomeDir, ".minio")
-	if err := os.MkdirAll(confPath, 0700); err != nil {
-		return ""
-	}
-	return filepath.Join(confPath, "users.json")
-}
-
 // validate auth header handler ServeHTTP() wrapper
 func (h validateAuthHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	acceptsContentType := getContentType(r)
-	_, err := stripAuth(r)
+	ah, err := stripAuth(r)
 	switch err.(type) {
 	case nil:
-		users := make(map[string]User)
+		authConfig, err := auth.LoadConfig()
-		configFile := getConfigFile()
-		if configFile == "" {
-			writeErrorResponse(w, r, InternalError, acceptsContentType, r.URL.Path)
-			return
-		}
-		qconf, err := quick.New(&users)
 		if err != nil {
 			writeErrorResponse(w, r, InternalError, acceptsContentType, r.URL.Path)
 			return
 		}
-		if err := qconf.Save(configFile); err != nil {
+		_, ok := authConfig.Users[ah.accessKey]
-			writeErrorResponse(w, r, InternalError, acceptsContentType, r.URL.Path)
+		if !ok {
-			return
+			writeErrorResponse(w, r, AccessDenied, acceptsContentType, r.URL.Path)
-		}
-		if err := qconf.Load(configFile); err != nil {
-			writeErrorResponse(w, r, InternalError, acceptsContentType, r.URL.Path)
 			return
 		}
-		// uncomment this when we have webcli
-		// _, ok := conf.Users[auth.accessKey]
-		//if !ok {
-		//	writeErrorResponse(w, r, AccessDenied, acceptsContentType, r.URL.Path)
-		//	return
-		//}
 		// Success
 		h.handler.ServeHTTP(w, r)
 	default: