updated the authentication to recognize X-Auth-Username and X-Auth-Password
This commit is contained in:
parent
ef3e80efb8
commit
ec51c101ec
@ -5,7 +5,6 @@ import "crypto/tls"
|
|||||||
import "errors"
|
import "errors"
|
||||||
import "fmt"
|
import "fmt"
|
||||||
import "log"
|
import "log"
|
||||||
//import "math/rand"
|
|
||||||
import "net"
|
import "net"
|
||||||
import "net/http"
|
import "net/http"
|
||||||
import "sync"
|
import "sync"
|
||||||
@ -1251,8 +1250,10 @@ func (c *Client) wrap_http_handler(handler ClientHttpHandler) http.Handler {
|
|||||||
start_time = time.Now()
|
start_time = time.Now()
|
||||||
|
|
||||||
status_code, realm = handler.Authenticate(req)
|
status_code, realm = handler.Authenticate(req)
|
||||||
if status_code == http.StatusUnauthorized && realm != "" {
|
if status_code == http.StatusUnauthorized {
|
||||||
|
if realm != "" {
|
||||||
w.Header().Set("WWW-Authenticate", fmt.Sprintf("Basic Realm=\"%s\"", realm))
|
w.Header().Set("WWW-Authenticate", fmt.Sprintf("Basic Realm=\"%s\"", realm))
|
||||||
|
}
|
||||||
WriteEmptyRespHeader(w, status_code)
|
WriteEmptyRespHeader(w, status_code)
|
||||||
} else if status_code == http.StatusOK {
|
} else if status_code == http.StatusOK {
|
||||||
status_code, err = handler.ServeHTTP(w, req)
|
status_code, err = handler.ServeHTTP(w, req)
|
||||||
|
|||||||
20
hodu.go
20
hodu.go
@ -78,6 +78,11 @@ type JsonErrmsg struct {
|
|||||||
Text string `json:"error-text"`
|
Text string `json:"error-text"`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type json_in_cred struct {
|
||||||
|
Username string `json:"username"`
|
||||||
|
Password string `json:"password"`
|
||||||
|
}
|
||||||
|
|
||||||
type json_out_go_stats struct {
|
type json_out_go_stats struct {
|
||||||
CPUs int `json:"cpus"`
|
CPUs int `json:"cpus"`
|
||||||
Goroutines int `json:"goroutines"`
|
Goroutines int `json:"goroutines"`
|
||||||
@ -374,15 +379,14 @@ func (auth *HttpAuthConfig) Authenticate(req *http.Request) (int, string) {
|
|||||||
|
|
||||||
if auth != nil && auth.Enabled {
|
if auth != nil && auth.Enabled {
|
||||||
var auth_hdr string
|
var auth_hdr string
|
||||||
var auth_parts []string
|
|
||||||
var username string
|
var username string
|
||||||
var password string
|
var password string
|
||||||
var credpass string
|
var credpass string
|
||||||
var ok bool
|
var ok bool
|
||||||
var err error
|
|
||||||
|
|
||||||
auth_hdr = req.Header.Get("Authorization")
|
auth_hdr = req.Header.Get("Authorization")
|
||||||
if auth_hdr == "" { return http.StatusUnauthorized, auth.Realm }
|
if auth_hdr != "" {
|
||||||
|
var auth_parts []string
|
||||||
|
|
||||||
auth_parts = strings.Fields(auth_hdr)
|
auth_parts = strings.Fields(auth_hdr)
|
||||||
if len(auth_parts) == 2 && strings.EqualFold(auth_parts[0], "Bearer") && auth.TokenRsaKey != nil {
|
if len(auth_parts) == 2 && strings.EqualFold(auth_parts[0], "Bearer") && auth.TokenRsaKey != nil {
|
||||||
@ -397,13 +401,21 @@ func (auth *HttpAuthConfig) Authenticate(req *http.Request) (int, string) {
|
|||||||
if now.After(time.Unix(claim.IssuedAt, 0)) && now.Before(time.Unix(claim.ExpiresAt, 0)) { return http.StatusOK, "" } // not expired
|
if now.After(time.Unix(claim.IssuedAt, 0)) && now.Before(time.Unix(claim.ExpiresAt, 0)) { return http.StatusOK, "" } // not expired
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
username = req.Header.Get("X-Auth-Username")
|
||||||
|
password = req.Header.Get("X-Auth-Password")
|
||||||
|
|
||||||
// fall back to basic authentication
|
// fall back to basic authentication
|
||||||
|
if username == "" && password == "" && auth.Realm != "" {
|
||||||
username, password, ok = req.BasicAuth()
|
username, password, ok = req.BasicAuth()
|
||||||
if !ok { return http.StatusUnauthorized, auth.Realm }
|
if !ok { return http.StatusUnauthorized, auth.Realm }
|
||||||
|
}
|
||||||
|
|
||||||
credpass, ok = auth.Creds[username]
|
credpass, ok = auth.Creds[username]
|
||||||
if !ok || credpass != password { return http.StatusUnauthorized, auth.Realm }
|
if !ok || credpass != password {
|
||||||
|
return http.StatusUnauthorized, auth.Realm
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return http.StatusOK, ""
|
return http.StatusOK, ""
|
||||||
|
|||||||
@ -966,8 +966,10 @@ func (s *Server) wrap_http_handler(handler ServerHttpHandler) http.Handler {
|
|||||||
|
|
||||||
start_time = time.Now()
|
start_time = time.Now()
|
||||||
status_code, realm = handler.Authenticate(req)
|
status_code, realm = handler.Authenticate(req)
|
||||||
if status_code == http.StatusUnauthorized && realm != "" {
|
if status_code == http.StatusUnauthorized {
|
||||||
|
if realm != "" {
|
||||||
w.Header().Set("WWW-Authenticate", fmt.Sprintf("Basic Realm=\"%s\"", realm))
|
w.Header().Set("WWW-Authenticate", fmt.Sprintf("Basic Realm=\"%s\"", realm))
|
||||||
|
}
|
||||||
WriteEmptyRespHeader(w, status_code)
|
WriteEmptyRespHeader(w, status_code)
|
||||||
} else if status_code == http.StatusOK {
|
} else if status_code == http.StatusOK {
|
||||||
status_code, err = handler.ServeHTTP(w, req)
|
status_code, err = handler.ServeHTTP(w, req)
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user