| author | Chris Lu <chris.lu@gmail.com> | 2020-02-09 16:02:05 -0800 |
|---|---|---|
| committer | Chris Lu <chris.lu@gmail.com> | 2020-02-09 16:02:05 -0800 |
| commit | b90ad6f452381f5064c37b639588fb46377a7b15 (patch) | |
| tree | 8302bf6824a4ff8bfa7c182141e02939897e2a42 /weed/s3api/auth_credentials.go | |
| parent | e7b63d50b16e435dab31eda172896976c30d252c (diff) | |
add v2 support
Diffstat (limited to 'weed/s3api/auth_credentials.go')
| -rw-r--r-- | weed/s3api/auth_credentials.go | 26 |
1 files changed, 19 insertions, 7 deletions
diff --git a/weed/s3api/auth_credentials.go b/weed/s3api/auth_credentials.go
index 9df1fdd29..e5d693951 100644
--- a/weed/s3api/auth_credentials.go
+++ b/weed/s3api/auth_credentials.go
@@ -26,6 +26,7 @@ type Iam interface {
 type IdentityAccessManagement struct {
 identities []*Identity
+ domain string
 }
 type Identity struct {
@@ -39,8 +40,10 @@ type Credential struct {
 SecretKey string
 }
-func NewIdentityAccessManagement(fileName string) *IdentityAccessManagement {
- iam := &IdentityAccessManagement{}
+func NewIdentityAccessManagement(fileName string, domain string) *IdentityAccessManagement {
+ iam := &IdentityAccessManagement{
+ domain: domain,
+ }
 if fileName == "" {
 return iam
 }
@@ -119,17 +122,26 @@ func (iam *IdentityAccessManagement) authRequest(r *http.Request, actions []Acti
 var identity *Identity
 var s3Err ErrorCode
 switch getRequestAuthType(r) {
- case authTypeUnknown, authTypeStreamingSigned:
+ case authTypeStreamingSigned:
+ return ErrNone
+ case authTypeUnknown:
+ glog.V(3).Infof("unknown auth type")
 return ErrAccessDenied
 case authTypePresignedV2, authTypeSignedV2:
- return ErrNotImplemented
+ glog.V(3).Infof("v2 auth type")
+ identity, s3Err = iam.isReqAuthenticatedV2(r)
 case authTypeSigned, authTypePresigned:
+ glog.V(3).Infof("v4 auth type")
 identity, s3Err = iam.reqSignatureV4Verify(r)
- if s3Err != ErrNone {
- return s3Err
- }
 }
+ glog.V(3).Infof("auth error: %v", s3Err)
+ if s3Err != ErrNone {
+ return s3Err
+ }
+
+ glog.V(3).Infof("user name: %v actions: %v", identity.Name, identity.Actions)
+
 if !identity.canDo(actions) {
 return ErrAccessDenied
 }
|
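Review bot: In the authRequest hunk, `case authTypeStreamingSigned:` followed by `return ErrNone` lets a request classified as streaming-signed leave the function before any signature is verified and before `identity.canDo(actions)` runs, where the old code denied it. Unless the chunk signatures are verified somewhere outside this hunk, that is an authentication and authorization bypass, so the case should fail closed, for example `return ErrNotImplemented`, until a verifier is wired in. The switch also has no `default`, so an auth type it does not list leaves `identity` nil; if `ErrNone` is the zero `ErrorCode` (not visible here), the new user-name log line dereferences `identity.Name`, and glog evaluates its arguments at any verbosity, so add `if identity == nil { return ErrAccessDenied }` before that line. authRequest starts before and continues past this hunk, so both points should be checked against the full function.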
