From 58b877b97cd77e2f6f970c41281256555cf74b30 Mon Sep 17 00:00:00 2001
From: Evgeniy Kulikov
Date: Fri, 27 Nov 2020 15:31:39 +0300
Subject: [PATCH] Refactoring auth.Center

Signed-off-by: Evgeniy Kulikov
---
 api/auth/center.go | 66 ++++++++++++++++++++++++++++++----------------
 1 file changed, 44 insertions(+), 22 deletions(-)

diff --git a/api/auth/center.go b/api/auth/center.go
index 1a7a82e..aeae6d2 100644
--- a/api/auth/center.go
+++ b/api/auth/center.go
@@ -1,12 +1,11 @@
 package auth

 import (
- "bytes"
 "context"
 "crypto/sha256"
 "encoding/hex"
 "fmt"
- "io/ioutil"
+ "io"
 "net/http"
 "regexp"
 "strings"
@@ -40,8 +39,20 @@ type (
 Logger *zap.Logger
 Credential hcs.Credentials
 }
+
+ prs int
 )

+func (p prs) Read(_ []byte) (n int, err error) {
+ panic("implement me")
+}
+
+func (p prs) Seek(_ int64, _ int) (int64, error) {
+ panic("implement me")
+}
+
+var _ io.ReadSeeker = prs(0)
+
 // New creates an instance of AuthCenter.
 func New(obj sdk.ObjectClient, key hcs.PrivateKey) Center {
 return ¢er{
@@ -61,6 +72,11 @@ func (c *center) Authenticate(r *http.Request) (*token.BearerToken, error) {
 return nil, errors.New("unsupported request: wrong length of Authorization header field")
 }

+ // { // to debug request
+ // data, _ := httputil.DumpRequest(r, false)
+ // fmt.Println(string(data))
+ // }
+
 sms1 := c.reg.getSubmatches(authHeaderField[0])
 if len(sms1) != 7 {
 return nil, errors.New("bad Authorization header field")
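Review bot: A debug-only `io.ReadSeeker` whose `Read` and `Seek` both `panic("implement me")` should not ship in the production `auth` package; that is what `prs` in the `@@ -40,8 +39,20 @@` hunk is, and `panicSeeker()` in the last hunk (`// for debug reasons`) hands it out. Nothing in the visible hunks calls `panicSeeker`, so it is dead code today, and it becomes a panic on the authentication path as soon as someone passes it to `signer.Sign` and the signer reads the body. I would move both to a `_test.go` file or delete them. If they stay, give the type a doc comment stating the intent, e.g. `// prs is a debug-only io.ReadSeeker that panics on any use; never pass it on a request path.`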
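Review bot: Uncommenting the debug block in the `@@ -61,6 +72,11 @@` hunk would print the full `Authorization` header (access key ID and request signature) to stdout, because `httputil.DumpRequest(r, false)` includes every header and the result goes through `fmt.Println`. Commented-out debug code in an authentication path tends to be re-enabled under pressure, so I would delete it rather than keep it in the source. If a request dump is really needed, it should go through the `*zap.Logger` that `Params` already carries, at debug level, with the `Authorization` header redacted first. `Authenticate` starts and ends outside this hunk.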
@@ -110,34 +126,40 @@ func (c *center) Authenticate(r *http.Request) (*token.BearerToken, error) {
 awsCreds := credentials.NewStaticCredentials(accessKeyID, secret, "")
 signer := v4.NewSigner(awsCreds)

- body, err := readAndKeepBody(r)
- if err != nil {
- return nil, errors.Wrap(err, "failed to read out request body")
- }
+ // body, err := readAndKeepBody(r)
+ // if err != nil {
+ // return nil, errors.Wrap(err, "failed to read out request body")
+ // }
+ //
+ // _ = body

- hdr, err := signer.Sign(otherRequest, body, sms1["service"], sms1["region"], signatureDateTime)
- if err != nil {
+ // body not required
+ if _, err := signer.Sign(otherRequest, nil, sms1["service"], sms1["region"], signatureDateTime); err != nil {
 return nil, errors.Wrap(err, "failed to sign temporary HTTP request")
 }

- sms2 := c.reg.getSubmatches(hdr.Get("Authorization"))
+ sms2 := c.reg.getSubmatches(otherRequest.Header.Get("Authorization"))
 if sms1["v4_signature"] != sms2["v4_signature"] {
- return nil, errors.Wrap(err, "failed to pass authentication procedure")
+ return nil, errors.New("failed to pass authentication procedure")
 }

 return tkn, nil
 }

+// for debug reasons
+func panicSeeker() io.ReadSeeker { return prs(0) }
+
 // TODO: Make this write into a smart buffer backed by a file on a fast drive.
-func readAndKeepBody(request *http.Request) (*bytes.Reader, error) {
- if request.Body == nil {
- var r bytes.Reader
- return &r, nil
- }
- payload, err := ioutil.ReadAll(request.Body)
- if err != nil {
- return nil, err
- }
- request.Body = ioutil.NopCloser(bytes.NewReader(payload))
- return bytes.NewReader(payload), nil
-}
+// func readAndKeepBody(request *http.Request) (*bytes.Reader, error) {
+// if request.Body == nil {
+// return new(bytes.Reader), nil
+// }
+//
+// payload, err := ioutil.ReadAll(request.Body)
+// if err != nil {
+// return nil, err
+// }
+//
+// request.Body = ioutil.NopCloser(bytes.NewReader(payload))
+// return bytes.NewReader(payload), nil
+// }
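Review bot: The signature check `if sms1["v4_signature"] != sms2["v4_signature"]` compares the client-supplied signature with the recomputed one using an ordinary string comparison, which is not constant-time; I would write `if subtle.ConstantTimeCompare([]byte(sms1["v4_signature"]), []byte(sms2["v4_signature"])) != 1 {` and add `crypto/subtle` to the imports. Separately, with `nil` passed to `signer.Sign` the request body no longer takes part in verification in this function, and `// body not required` does not say why. If, as I believe the aws-sdk-go v4 signer does, the payload hash is taken from an `X-Amz-Content-Sha256` header copied onto `otherRequest` outside this hunk, the comment should say so and note that the body itself is never checked against that hash here, e.g. `// body not required: the signer uses the X-Amz-Content-Sha256 header; the payload is not verified against it here`. The commented-out `readAndKeepBody` and the TODO now sitting above it are better deleted than kept as comments. `Authenticate` starts outside the hunk.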