add missing validate access keys after being extracted from AuthHeader

master
Harshavardhana 10 years ago
parent 138288f788
commit e11f9110b6
  1. 4
      pkg/api/api_generic_handlers.go
  2. 34
      pkg/utils/crypto/keys/common.go

@ -23,6 +23,7 @@ import (
"time" "time"
"github.com/minio/minio/pkg/api/config" "github.com/minio/minio/pkg/api/config"
"github.com/minio/minio/pkg/utils/crypto/keys"
) )
type contentTypeHandler struct { type contentTypeHandler struct {
@ -78,6 +79,9 @@ func stripAuth(r *http.Request) (*auth, error) {
a.signedheaders = strings.Split(signedheaders, "=")[1] a.signedheaders = strings.Split(signedheaders, "=")[1]
a.signature = strings.Split(signature, "=")[1] a.signature = strings.Split(signature, "=")[1]
a.accessKey = strings.Split(a.credential, "/")[0] a.accessKey = strings.Split(a.credential, "/")[0]
if !keys.IsValidAccessKey(a.accessKey) {
return nil, errors.New("Invalid access key")
}
return a, nil return a, nil
} }
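Review bot: The added check in stripAuth still lets an empty access key through, because IsValidAccessKey as rewritten in pkg/utils/crypto/keys/common.go in this commit returns true for "". A credential whose first "/"-separated field is empty therefore passes this gate; since an Authorization header was supplied on this path, the empty case should be rejected explicitly, `if a.accessKey == "" || !keys.IsValidAccessKey(a.accessKey) {`. The check also runs only after the `strings.Split(...)[1]` lines above it, which index without a length check and would panic on a field lacking "=" unless that is ruled out earlier in stripAuth, whose start is outside this hunk.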

@ -16,6 +16,8 @@
package keys package keys
import "regexp"
// AccessID and SecretID length in bytes // AccessID and SecretID length in bytes
const ( const (
MinioAccessID = 20 MinioAccessID = 20
@ -24,26 +26,20 @@ const (
/// helpers /// helpers
// Is alphanumeric? // IsValidSecretKey - validate secret key
func isalnum(c byte) bool { func IsValidSecretKey(secretAccessKey string) bool {
return '0' <= c && c <= '9' || 'A' <= c && c <= 'Z' || 'a' <= c && c <= 'z' if secretAccessKey == "" {
} return true
// IsValidAccessKey - validate access key for only alphanumeric characters
func IsValidAccessKey(key []byte) bool {
for _, char := range key {
if isalnum(char) {
continue
}
switch char {
case '-':
case '.':
case '_':
case '~':
continue
default:
return false
} }
regex := regexp.MustCompile("^.{40}$")
return regex.MatchString(secretAccessKey)
} }
// IsValidAccessKey - validate access key
func IsValidAccessKey(accessKeyID string) bool {
if accessKeyID == "" {
return true return true
} }
regex := regexp.MustCompile("^[A-Z0-9\\-\\.\\_\\~]{20}$")
return regex.MatchString(accessKeyID)
}
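Review bot: IsValidSecretKey and IsValidAccessKey each call regexp.MustCompile on every invocation, so the pattern is recompiled for every request that reaches the header check; compile both once in a package-level `var` block and reuse them. The repeat counts 20 and 40 are written as literals in the patterns even though this file declares the lengths as constants (MinioAccessID is visible above), so the two can drift apart. Note too that `.{40}` counts characters rather than bytes and excludes newlines, while the comment on the constants says the lengths are in bytes; if a byte length is what is meant, `len(secretAccessKey) == 40` states it directly. Both functions would also benefit from a doc comment saying that the empty string is accepted and why.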
