frostfs: Reject tokens with slash character
Current reverse proxy configs assume that token is a valid filename with no nesting levels. It's better to reject unsupported tokens early Signed-off-by: Vitaliy Potyarkin <v.potyarkin@yadro.com>
This commit is contained in:
parent
61ce76f648
commit
597d147c7d
1 changed files with 5 additions and 1 deletions
|
|
@ -8,6 +8,7 @@ import (
|
|||
"errors"
|
||||
"fmt"
|
||||
"strconv"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/go-acme/lego/v4/challenge"
|
||||
|
|
@ -46,7 +47,9 @@ func NewHTTPProvider(endpoint, cid, walletPath, walletAccount, walletPassword st
|
|||
}
|
||||
|
||||
func (w *HTTPProvider) Present(domain, token, keyAuth string) error {
|
||||
var err error
|
||||
if strings.Contains(token, "/") {
|
||||
return fmt.Errorf("token with slash character is not supported: %s", token)
|
||||
}
|
||||
if w.oid != "" {
|
||||
return fmt.Errorf("%T is not safe to re-enter: object was saved and not yet cleaned up: %s", w, w.oid)
|
||||
}
|
||||
|
|
@ -54,6 +57,7 @@ func (w *HTTPProvider) Present(domain, token, keyAuth string) error {
|
|||
ctx, cancel := context.WithCancel(context.Background())
|
||||
defer cancel()
|
||||
|
||||
var err error
|
||||
expires, err := w.frostfs.Epoch(ctx, time.Now().Add(tokenLifetime))
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to calculate token expiration: %w", err)
|
||||
|
|
|
|||
Loading…
Reference in a new issue