Refactoring auth.Center

Signed-off-by: Evgeniy Kulikov <kim@nspcc.ru>
This commit is contained in:
Evgeniy Kulikov 2020-11-27 15:31:39 +03:00
parent 697d318a6b
commit 58b877b97c


@ -1,12 +1,11 @@
package auth package auth
import ( import (
"bytes"
"context" "context"
"crypto/sha256" "crypto/sha256"
"encoding/hex" "encoding/hex"
"fmt" "fmt"
"io/ioutil" "io"
"net/http" "net/http"
"regexp" "regexp"
"strings" "strings"
@ -40,8 +39,20 @@ type (
Logger *zap.Logger Logger *zap.Logger
Credential hcs.Credentials Credential hcs.Credentials
} }
prs int
) )
func (p prs) Read(_ []byte) (n int, err error) {
panic("implement me")
}
func (p prs) Seek(_ int64, _ int) (int64, error) {
panic("implement me")
}
var _ io.ReadSeeker = prs(0)
// New creates an instance of AuthCenter. // New creates an instance of AuthCenter.
func New(obj sdk.ObjectClient, key hcs.PrivateKey) Center { func New(obj sdk.ObjectClient, key hcs.PrivateKey) Center {
return &center{ return &center{
@ -61,6 +72,11 @@ func (c *center) Authenticate(r *http.Request) (*token.BearerToken, error) {
return nil, errors.New("unsupported request: wrong length of Authorization header field") return nil, errors.New("unsupported request: wrong length of Authorization header field")
} }
// { // to debug request
// data, _ := httputil.DumpRequest(r, false)
// fmt.Println(string(data))
// }
sms1 := c.reg.getSubmatches(authHeaderField[0]) sms1 := c.reg.getSubmatches(authHeaderField[0])
if len(sms1) != 7 { if len(sms1) != 7 {
return nil, errors.New("bad Authorization header field") return nil, errors.New("bad Authorization header field")
@ -110,34 +126,40 @@ func (c *center) Authenticate(r *http.Request) (*token.BearerToken, error) {
awsCreds := credentials.NewStaticCredentials(accessKeyID, secret, "") awsCreds := credentials.NewStaticCredentials(accessKeyID, secret, "")
signer := v4.NewSigner(awsCreds) signer := v4.NewSigner(awsCreds)
body, err := readAndKeepBody(r) // body, err := readAndKeepBody(r)
if err != nil { // if err != nil {
return nil, errors.Wrap(err, "failed to read out request body") // return nil, errors.Wrap(err, "failed to read out request body")
} // }
//
// _ = body
hdr, err := signer.Sign(otherRequest, body, sms1["service"], sms1["region"], signatureDateTime) // body not required
if err != nil { if _, err := signer.Sign(otherRequest, nil, sms1["service"], sms1["region"], signatureDateTime); err != nil {
return nil, errors.Wrap(err, "failed to sign temporary HTTP request") return nil, errors.Wrap(err, "failed to sign temporary HTTP request")
} }
sms2 := c.reg.getSubmatches(hdr.Get("Authorization")) sms2 := c.reg.getSubmatches(otherRequest.Header.Get("Authorization"))
if sms1["v4_signature"] != sms2["v4_signature"] { if sms1["v4_signature"] != sms2["v4_signature"] {
return nil, errors.Wrap(err, "failed to pass authentication procedure") return nil, errors.New("failed to pass authentication procedure")
} }
return tkn, nil return tkn, nil
} }
// for debug reasons
func panicSeeker() io.ReadSeeker { return prs(0) }
// TODO: Make this write into a smart buffer backed by a file on a fast drive. // TODO: Make this write into a smart buffer backed by a file on a fast drive.
func readAndKeepBody(request *http.Request) (*bytes.Reader, error) { // func readAndKeepBody(request *http.Request) (*bytes.Reader, error) {
if request.Body == nil { // if request.Body == nil {
var r bytes.Reader // return new(bytes.Reader), nil
return &r, nil // }
} //
payload, err := ioutil.ReadAll(request.Body) // payload, err := ioutil.ReadAll(request.Body)
if err != nil { // if err != nil {
return nil, err // return nil, err
} // }
request.Body = ioutil.NopCloser(bytes.NewReader(payload)) //
return bytes.NewReader(payload), nil // request.Body = ioutil.NopCloser(bytes.NewReader(payload))
} // return bytes.NewReader(payload), nil
// }
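Review bot: Passing `nil` as the body in `if _, err := signer.Sign(otherRequest, nil, sms1["service"], sms1["region"], signatureDateTime)` means the gateway's recomputed signature no longer covers the request payload: if I read the aws-sdk-go v4 signer right, it takes the payload digest from a pre-set `X-Amz-Content-Sha256` header when `otherRequest` carries one (not visible in this hunk) and otherwise uses the empty-body hash, so a matching `v4_signature` shows the client knew the secret but not that the body the gateway goes on to process is the one the client signed. Either keep reading the body as the removed `readAndKeepBody` did, or compute SHA-256 over the body and reject the request when it differs from the client's `X-Amz-Content-Sha256` before signing, and have the `// body not required` comment state which of those holds and why. The `prs` type whose `Read`/`Seek` call `panic("implement me")` and the `panicSeeker()` helper in the earlier hunk look like leftover debug scaffolding that would crash the handler if ever wired in, and the commented-out `readAndKeepBody` and request-dump blocks are better deleted outright since history keeps them. `Authenticate` begins outside the hunk.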