From 6e10631d9c8b28038468c9759df2cde15fc4b674 Mon Sep 17 00:00:00 2001 From: Shawnpku Date: Mon, 4 Mar 2019 14:53:48 +0800 Subject: [PATCH] fix default cdn auth duration Signed-off-by: Shawnpku --- .../driver/middleware/alicdn/middleware.go | 2 +- .../aliyungo/cdn/auth/random_uuid.go | 97 ------------------- .../aliyungo/cdn/auth/random_uuid_test.go | 21 ---- .../denverdino/aliyungo/cdn/auth/sign_url.go | 80 --------------- .../aliyungo/cdn/auth/sign_url_test.go | 53 ---------- 5 files changed, 1 insertion(+), 252 deletions(-) delete mode 100644 vendor/github.com/denverdino/aliyungo/cdn/auth/random_uuid.go delete mode 100644 vendor/github.com/denverdino/aliyungo/cdn/auth/random_uuid_test.go delete mode 100644 vendor/github.com/denverdino/aliyungo/cdn/auth/sign_url.go delete mode 100644 vendor/github.com/denverdino/aliyungo/cdn/auth/sign_url_test.go diff --git a/registry/storage/driver/middleware/alicdn/middleware.go b/registry/storage/driver/middleware/alicdn/middleware.go index 1609a9f6d..7c5fc7326 100755 --- a/registry/storage/driver/middleware/alicdn/middleware.go +++ b/registry/storage/driver/middleware/alicdn/middleware.go @@ -72,7 +72,7 @@ func newAliCDNStorageMiddleware(storageDriver storagedriver.StorageDriver, optio urlSigner := auth.NewURLSigner(authType, privateKey) // parse duration - duration := 60 * time.Minute + duration := 20 * time.Minute d, ok := options["duration"] if ok { switch d := d.(type) { diff --git a/vendor/github.com/denverdino/aliyungo/cdn/auth/random_uuid.go b/vendor/github.com/denverdino/aliyungo/cdn/auth/random_uuid.go deleted file mode 100644 index 169a2b6ce..000000000 --- a/vendor/github.com/denverdino/aliyungo/cdn/auth/random_uuid.go +++ /dev/null @@ -1,97 +0,0 @@ -package auth - -import ( - "crypto/rand" - "fmt" - "io" - "os" - "syscall" - "time" -) - -const ( - // Bits is the number of bits in a UUID - Bits = 128 - - // Size is the number of bytes in a UUID - Size = Bits / 8 - - format = "%08x%04x%04x%04x%012x" -) - -var ( - // Loggerf can be used to override the default logging destination. Such - // log messages in this library should be logged at warning or higher. - Loggerf = func(format string, args ...interface{}) {} -) - -// UUID represents a UUID value. UUIDs can be compared and set to other values -// and accessed by byte. -type UUID [Size]byte - -// GenerateUUID creates a new, version 4 uuid. -func GenerateUUID() (u UUID) { - const ( - // ensures we backoff for less than 450ms total. Use the following to - // select new value, in units of 10ms: - // n*(n+1)/2 = d -> n^2 + n - 2d -> n = (sqrt(8d + 1) - 1)/2 - maxretries = 9 - backoff = time.Millisecond * 10 - ) - - var ( - totalBackoff time.Duration - count int - retries int - ) - - for { - // This should never block but the read may fail. Because of this, - // we just try to read the random number generator until we get - // something. This is a very rare condition but may happen. - b := time.Duration(retries) * backoff - time.Sleep(b) - totalBackoff += b - - n, err := io.ReadFull(rand.Reader, u[count:]) - if err != nil { - if retryOnError(err) && retries < maxretries { - count += n - retries++ - Loggerf("error generating version 4 uuid, retrying: %v", err) - continue - } - - // Any other errors represent a system problem. What did someone - // do to /dev/urandom? - panic(fmt.Errorf("error reading random number generator, retried for %v: %v", totalBackoff.String(), err)) - } - - break - } - - u[6] = (u[6] & 0x0f) | 0x40 // set version byte - u[8] = (u[8] & 0x3f) | 0x80 // set high order byte 0b10{8,9,a,b} - - return u -} - -func (u UUID) String() string { - return fmt.Sprintf(format, u[:4], u[4:6], u[6:8], u[8:10], u[10:]) -} - -// retryOnError tries to detect whether or not retrying would be fruitful. -func retryOnError(err error) bool { - switch err := err.(type) { - case *os.PathError: - return retryOnError(err.Err) // unpack the target error - case syscall.Errno: - if err == syscall.EPERM { - // EPERM represents an entropy pool exhaustion, a condition under - // which we backoff and retry. - return true - } - } - - return false -} diff --git a/vendor/github.com/denverdino/aliyungo/cdn/auth/random_uuid_test.go b/vendor/github.com/denverdino/aliyungo/cdn/auth/random_uuid_test.go deleted file mode 100644 index d2cb1a4e2..000000000 --- a/vendor/github.com/denverdino/aliyungo/cdn/auth/random_uuid_test.go +++ /dev/null @@ -1,21 +0,0 @@ -package auth - -import ( - "testing" -) - -const iterations = 1000 - -func TestUUID4Generation(t *testing.T) { - for i := 0; i < iterations; i++ { - u := GenerateUUID() - - if u[6]&0xf0 != 0x40 { - t.Fatalf("version byte not correctly set: %v, %08b %08b", u, u[6], u[6]&0xf0) - } - - if u[8]&0xc0 != 0x80 { - t.Fatalf("top order 8th byte not correctly set: %v, %b", u, u[8]) - } - } -} diff --git a/vendor/github.com/denverdino/aliyungo/cdn/auth/sign_url.go b/vendor/github.com/denverdino/aliyungo/cdn/auth/sign_url.go deleted file mode 100644 index 211bd04f7..000000000 --- a/vendor/github.com/denverdino/aliyungo/cdn/auth/sign_url.go +++ /dev/null @@ -1,80 +0,0 @@ -package auth - -import ( - "crypto/md5" - "fmt" - "net/url" - "time" -) - -// An URLSigner provides URL signing utilities to sign URLs for Aliyun CDN -// resources. -// authentication document: https://help.aliyun.com/document_detail/85117.html -type URLSigner struct { - authType string - privKey string -} - -// NewURLSigner returns a new signer object. -func NewURLSigner(authType string, privKey string) *URLSigner { - return &URLSigner{ - authType: authType, - privKey: privKey, - } -} - -// Sign returns a signed aliyuncdn url based on authentication type -func (s URLSigner) Sign(uri string, expires time.Time) (string, error) { - r, err := url.Parse(uri) - if err != nil { - return "", fmt.Errorf("unable to parse url: %s", uri) - } - - switch s.authType { - case "a": - return aTypeSign(r, s.privKey, expires), nil - case "b": - return bTypeSign(r, s.privKey, expires), nil - case "c": - return cTypeSign(r, s.privKey, expires), nil - default: - return "", fmt.Errorf("invalid authentication type") - } -} - -// sign by A type authentication method. -// authentication document: https://help.aliyun.com/document_detail/85113.html -func aTypeSign(r *url.URL, privateKey string, expires time.Time) string { - //rand is a random uuid without "-" - rand := GenerateUUID().String() - // not use, "0" by default - uid := "0" - secret := fmt.Sprintf("%s-%d-%s-%s-%s", r.Path, expires.Unix(), rand, uid, privateKey) - hashValue := md5.Sum([]byte(secret)) - authKey := fmt.Sprintf("%d-%s-%s-%x", expires.Unix(), rand, uid, hashValue) - if r.RawQuery == "" { - return fmt.Sprintf("%s?auth_key=%s", r.String(), authKey) - } - return fmt.Sprintf("%s&auth_key=%s", r.String(), authKey) - -} - -// sign by B type authentication method. -// authentication document: https://help.aliyun.com/document_detail/85114.html -func bTypeSign(r *url.URL, privateKey string, expires time.Time) string { - formatExp := expires.Format("200601021504") - secret := privateKey + formatExp + r.Path - hashValue := md5.Sum([]byte(secret)) - signURL := fmt.Sprintf("%s://%s/%s/%x%s?%s", r.Scheme, r.Host, formatExp, hashValue, r.Path, r.RawQuery) - return signURL -} - -// sign by C type authentication method. -// authentication document: https://help.aliyun.com/document_detail/85115.html -func cTypeSign(r *url.URL, privateKey string, expires time.Time) string { - hexExp := fmt.Sprintf("%x", expires.Unix()) - secret := privateKey + r.Path + hexExp - hashValue := md5.Sum([]byte(secret)) - signURL := fmt.Sprintf("%s://%s/%x/%s%s?%s", r.Scheme, r.Host, hashValue, hexExp, r.Path, r.RawQuery) - return signURL -} diff --git a/vendor/github.com/denverdino/aliyungo/cdn/auth/sign_url_test.go b/vendor/github.com/denverdino/aliyungo/cdn/auth/sign_url_test.go deleted file mode 100644 index 46291d486..000000000 --- a/vendor/github.com/denverdino/aliyungo/cdn/auth/sign_url_test.go +++ /dev/null @@ -1,53 +0,0 @@ -package auth - -import ( - "crypto/md5" - "fmt" - "net/url" - "reflect" - "testing" - "time" -) - -var ( - testSignTime = time.Unix(1541064730, 0) - testPrivKey = "12345678" -) - -func assertEqual(t *testing.T, name string, x, y interface{}) { - if !reflect.DeepEqual(x, y) { - t.Errorf("%s: Not equal! Expected='%v', Actual='%v'\n", name, x, y) - t.FailNow() - } -} - -func TestAtypeAuth(t *testing.T) { - r, _ := url.Parse("https://example.com/a?foo=bar") - url := aTypeTest(r, testPrivKey, testSignTime) - assertEqual(t, "testTypeA", "https://example.com/a?foo=bar&auth_key=1541064730-0-0-f9dd5ed1e274ab4b1d5f5745344bf28b", url) -} - -func TestBtypeAuth(t *testing.T) { - signer := NewURLSigner("b", testPrivKey) - url, _ := signer.Sign("https://example.com/a?foo=bar", testSignTime) - assertEqual(t, "testTypeB", "https://example.com/201811011732/3a19d83a89ccb00a73212420791b0123/a?foo=bar", url) -} - -func TestCtypeAuth(t *testing.T) { - signer := NewURLSigner("c", testPrivKey) - url, _ := signer.Sign("https://example.com/a?foo=bar", testSignTime) - assertEqual(t, "testTypeC", "https://example.com/7d6b308ce87beb16d9dba32d741220f6/5bdac81a/a?foo=bar", url) -} - -func aTypeTest(r *url.URL, privateKey string, expires time.Time) string { - //rand equals "0" in test case - rand := "0" - uid := "0" - secret := fmt.Sprintf("%s-%d-%s-%s-%s", r.Path, expires.Unix(), rand, uid, privateKey) - hashValue := md5.Sum([]byte(secret)) - authKey := fmt.Sprintf("%d-%s-%s-%x", expires.Unix(), rand, uid, hashValue) - if r.RawQuery == "" { - return fmt.Sprintf("%s?auth_key=%s", r.String(), authKey) - } - return fmt.Sprintf("%s&auth_key=%s", r.String(), authKey) -}