diff options
| author | Chris Lu <chrislusf@users.noreply.github.com> | 2019-02-18 15:05:32 -0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-02-18 15:05:32 -0800 |
| commit | 9a4dda30118fa4e076b2ef4ea6abe14ca898a84e (patch) | |
| tree | c5d379b2a92d78607e82246ca2abed09bd1c0b2d /weed/security/guard.go | |
| parent | a1c7dc380683d44e59a18c2e71c9c3aa7734835f (diff) | |
| parent | 77b9af531d18e10b04b49b069b5f26a329ed4902 (diff) | |
| download | seaweedfs-9a4dda30118fa4e076b2ef4ea6abe14ca898a84e.tar.xz seaweedfs-9a4dda30118fa4e076b2ef4ea6abe14ca898a84e.zip | |
Merge pull request #855 from chrislusf/add_jwt
Add jwt
Diffstat (limited to 'weed/security/guard.go')
| -rw-r--r-- | weed/security/guard.go | 56 |
1 files changed, 6 insertions, 50 deletions
diff --git a/weed/security/guard.go b/weed/security/guard.go index fd9c8e0b3..84a415253 100644 --- a/weed/security/guard.go +++ b/weed/security/guard.go @@ -41,21 +41,21 @@ https://github.com/pkieltyka/jwtauth/blob/master/jwtauth.go */ type Guard struct { - whiteList []string - SecretKey Secret + whiteList []string + SigningKey SigningKey isActive bool } -func NewGuard(whiteList []string, secretKey string) *Guard { - g := &Guard{whiteList: whiteList, SecretKey: Secret(secretKey)} - g.isActive = len(g.whiteList) != 0 || len(g.SecretKey) != 0 +func NewGuard(whiteList []string, signingKey string) *Guard { + g := &Guard{whiteList: whiteList, SigningKey: SigningKey(signingKey)} + g.isActive = len(g.whiteList) != 0 || len(g.SigningKey) != 0 return g } func (g *Guard) WhiteList(f func(w http.ResponseWriter, r *http.Request)) func(w http.ResponseWriter, r *http.Request) { if !g.isActive { - //if no security needed, just skip all checkings + //if no security needed, just skip all checking return f } return func(w http.ResponseWriter, r *http.Request) { @@ -67,20 +67,6 @@ func (g *Guard) WhiteList(f func(w http.ResponseWriter, r *http.Request)) func(w } } -func (g *Guard) Secure(f func(w http.ResponseWriter, r *http.Request)) func(w http.ResponseWriter, r *http.Request) { - if !g.isActive { - //if no security needed, just skip all checkings - return f - } - return func(w http.ResponseWriter, r *http.Request) { - if err := g.checkJwt(w, r); err != nil { - w.WriteHeader(http.StatusUnauthorized) - return - } - f(w, r) - } -} - func GetActualRemoteHost(r *http.Request) (host string, err error) { host = r.Header.Get("HTTP_X_FORWARDED_FOR") if host == "" { @@ -130,33 +116,3 @@ func (g *Guard) checkWhiteList(w http.ResponseWriter, r *http.Request) error { glog.V(0).Infof("Not in whitelist: %s", r.RemoteAddr) return fmt.Errorf("Not in whitelis: %s", r.RemoteAddr) } - -func (g *Guard) checkJwt(w http.ResponseWriter, r *http.Request) error { - if g.checkWhiteList(w, r) == nil { - return nil - } - - if len(g.SecretKey) == 0 { - return nil - } - - tokenStr := GetJwt(r) - - if tokenStr == "" { - return ErrUnauthorized - } - - // Verify the token - token, err := DecodeJwt(g.SecretKey, tokenStr) - if err != nil { - glog.V(1).Infof("Token verification error from %s: %v", r.RemoteAddr, err) - return ErrUnauthorized - } - if !token.Valid { - glog.V(1).Infof("Token invliad from %s: %v", r.RemoteAddr, tokenStr) - return ErrUnauthorized - } - - glog.V(1).Infof("No permission from %s", r.RemoteAddr) - return fmt.Errorf("No write permission from %s", r.RemoteAddr) -} |