HMAC is a much simpler implementation, providing the same benefits as RSA, avoids additional steps and keeps the code simpler. This patch also additionally - Implements PutObjectURL API. - GetObjectURL, PutObjectURL take TargetHost as another argument for generating URL's for proper target destination. - Adds experimental TLS support for JSON RPC calls.master
parent
0c96ace8ad
commit
db387912f2
@ -0,0 +1,39 @@ |
|||||||
|
## Minio Browser |
||||||
|
|
||||||
|
Minio Browser uses Json Web Tokens to authenticate JSON RPC requests. |
||||||
|
|
||||||
|
Initial request generates a token for 'AccessKey' and 'SecretKey' |
||||||
|
provided by the user. |
||||||
|
|
||||||
|
<blockquote> |
||||||
|
Currently these tokens expire after 10hrs, this is not configurable yet. |
||||||
|
</blockquote> |
||||||
|
|
||||||
|
### Start minio server |
||||||
|
|
||||||
|
``` |
||||||
|
minio server <testdir> |
||||||
|
``` |
||||||
|
|
||||||
|
### JSON RPC APIs. |
||||||
|
|
||||||
|
JSON RPC namespace is `Web`. |
||||||
|
|
||||||
|
#### Auth Operations |
||||||
|
|
||||||
|
* Login - waits for 'username, password' and on success replies a new Json Web Token (JWT). |
||||||
|
* ResetToken - resets token, requires password and token. |
||||||
|
* Logout - currently a dummy operation. |
||||||
|
|
||||||
|
#### Bucket/Object Operations. |
||||||
|
|
||||||
|
* ListBuckets - lists buckets, requires a valid token. |
||||||
|
* ListObjects - lists objects, requires a valid token. |
||||||
|
* MakeBucket - make a new bucket, requires a valid token. |
||||||
|
* GetObjectURL - generates a URL for download access, requires a valid token. |
||||||
|
(generated URL is valid for 1hr) |
||||||
|
* PutObjectURL - generates a URL for upload access, requies a valid token. |
||||||
|
(generated URL is valid for 1hr) |
||||||
|
|
||||||
|
#### Server Operations. |
||||||
|
* DiskInfo - get backend disk statistics. |
@ -1,61 +0,0 @@ |
|||||||
### Generate RSA keys for JWT |
|
||||||
|
|
||||||
``` |
|
||||||
mkdir -p ~/.minio/web |
|
||||||
``` |
|
||||||
|
|
||||||
``` |
|
||||||
openssl genrsa -out ~/.minio/web/private.key 2048 |
|
||||||
``` |
|
||||||
|
|
||||||
``` |
|
||||||
openssl rsa -in ~/.minio/web/private.key -outform PEM -pubout -out ~/.minio/web/public.key |
|
||||||
``` |
|
||||||
### Start minio server |
|
||||||
|
|
||||||
``` |
|
||||||
minio server <testdir> |
|
||||||
``` |
|
||||||
|
|
||||||
### Implemented JSON RPC APIs. |
|
||||||
|
|
||||||
Namespace `Web` |
|
||||||
|
|
||||||
* Login - waits for 'username, password' and on success replies a new JWT token. |
|
||||||
* ResetToken - resets token, requires password and token. |
|
||||||
* Logout - currently a dummy operation. |
|
||||||
* ListBuckets - lists buckets, requires valid token. |
|
||||||
* ListObjects - lists objects, requires valid token. |
|
||||||
* GetObjectURL - generates a url for download access, requires valid token. |
|
||||||
|
|
||||||
### Now you can use `webrpc.js` to make requests. |
|
||||||
|
|
||||||
- Login example |
|
||||||
```js |
|
||||||
var webRPC = require('webrpc'); |
|
||||||
var web = new webRPC("http://localhost:9001/rpc") |
|
||||||
|
|
||||||
// Generate JWT Token. |
|
||||||
web.Login({"username": "YOUR-ACCESS-KEY-ID", "password": "YOUR-SECRET-ACCESS-KEY"}) |
|
||||||
.then(function(data) { |
|
||||||
console.log("success : ", data); |
|
||||||
}) |
|
||||||
.catch(function(error) { |
|
||||||
console.log("fail : ", error.toString()); |
|
||||||
}); |
|
||||||
``` |
|
||||||
|
|
||||||
- ListBuckets example |
|
||||||
```js |
|
||||||
var webRPC = require('webrpc'); |
|
||||||
var web = new webRPC("http://localhost:9001/rpc", "my-token") |
|
||||||
|
|
||||||
// Generate Token. |
|
||||||
web.ListBuckets() |
|
||||||
.then(function(data) { |
|
||||||
console.log("Success : ", data); |
|
||||||
}) |
|
||||||
.catch(function(error) { |
|
||||||
console.log("fail : ", error.toString()); |
|
||||||
}); |
|
||||||
``` |
|
@ -1,64 +0,0 @@ |
|||||||
/* |
|
||||||
* Minio Cloud Storage, (C) 2016 Minio, Inc. |
|
||||||
* |
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License"); |
|
||||||
* you may not use this file except in compliance with the License. |
|
||||||
* You may obtain a copy of the License at |
|
||||||
* |
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
* |
|
||||||
* Unless required by applicable law or agreed to in writing, software |
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS, |
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|
||||||
* See the License for the specific language governing permissions and |
|
||||||
* limitations under the License. |
|
||||||
*/ |
|
||||||
|
|
||||||
package main |
|
||||||
|
|
||||||
import ( |
|
||||||
"os" |
|
||||||
"path/filepath" |
|
||||||
|
|
||||||
"github.com/minio/minio-xl/pkg/probe" |
|
||||||
"github.com/minio/minio/pkg/user" |
|
||||||
) |
|
||||||
|
|
||||||
var customWebConfigDir = "" |
|
||||||
|
|
||||||
// getWebConfigDir get web config dir.
|
|
||||||
func getWebConfigDir() (string, *probe.Error) { |
|
||||||
if customWebConfigDir != "" { |
|
||||||
return customWebConfigDir, nil |
|
||||||
} |
|
||||||
homeDir, e := user.HomeDir() |
|
||||||
if e != nil { |
|
||||||
return "", probe.NewError(e) |
|
||||||
} |
|
||||||
webConfigDir := filepath.Join(homeDir, ".minio", "web") |
|
||||||
return webConfigDir, nil |
|
||||||
} |
|
||||||
|
|
||||||
func mustGetWebConfigDir() string { |
|
||||||
webConfigDir, err := getWebConfigDir() |
|
||||||
fatalIf(err.Trace(), "Unable to get config path.", nil) |
|
||||||
return webConfigDir |
|
||||||
} |
|
||||||
|
|
||||||
// createWebConfigDir create users config path
|
|
||||||
func createWebConfigDir() *probe.Error { |
|
||||||
webConfigDir, err := getWebConfigDir() |
|
||||||
if err != nil { |
|
||||||
return err.Trace() |
|
||||||
} |
|
||||||
if err := os.MkdirAll(webConfigDir, 0700); err != nil { |
|
||||||
return probe.NewError(err) |
|
||||||
} |
|
||||||
return nil |
|
||||||
} |
|
||||||
|
|
||||||
func mustGetPrivateKeyPath() string { |
|
||||||
webConfigDir, err := getWebConfigDir() |
|
||||||
fatalIf(err.Trace(), "Unable to get config path.", nil) |
|
||||||
return webConfigDir + "/private.key" |
|
||||||
} |
|
Loading…
Reference in new issue