maxmustermann/minio
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
minio/jwt-auth-handler.go
Harshavardhana db387912f2 jwt: Deprecate RSA usage, use HMAC instead. 
HMAC is a much simpler implementation, providing the same
benefits as RSA, avoids additional steps and keeps the code
simpler.

This patch also additionally

- Implements PutObjectURL API.
- GetObjectURL, PutObjectURL take TargetHost as another
  argument for generating URL's for proper target destination.
- Adds experimental TLS support for JSON RPC calls.
2016-01-27 03:38:33 -08:00

58 lines
1.6 KiB
Go
Raw Blame History

/*
* Minio Cloud Storage, (C) 2016 Minio, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package main
import (
"fmt"
"net/http"
jwtgo "github.com/dgrijalva/jwt-go"
)
type authHandler struct {
handler http.Handler
}
// AuthHandler -
// Verify if authorization header is of form JWT, reject it otherwise.
func AuthHandler(h http.Handler) http.Handler {
return authHandler{h}
}
// Ignore request if authorization header is not valid.
func (h authHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
// Let the top level caller handle if the requests should be
// allowed, if there are no Authorization headers.
if r.Header.Get("Authorization") == "" {
h.handler.ServeHTTP(w, r)
return
}
// Validate Authorization header to be valid.
jwt := InitJWT()
token, e := jwtgo.ParseFromRequest(r, func(token *jwtgo.Token) (interface{}, error) {
if _, ok := token.Method.(*jwtgo.SigningMethodHMAC); !ok {
return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
}
return jwt.secretAccessKey, nil
})
if e != nil || !token.Valid {
w.WriteHeader(http.StatusUnauthorized)
return
}
h.handler.ServeHTTP(w, r)
}
Reference in a new issue View git blame Copy permalink