提交
de4793aa
编写于
12月 29, 2019
作者:
HFO4
Modify: auth instance as first param in SignURI/Request
上级
b5ee3ee6
变更
7
Showing
7 changed file
with
31 addition
and
27 deletion
+31
-27
middleware/auth.go
middleware/auth.go
+3
-3
pkg/auth/auth.go
pkg/auth/auth.go
+8
-8
pkg/auth/auth_test.go
pkg/auth/auth_test.go
+14
-14
pkg/conf/defaults.go
pkg/conf/defaults.go
+1
-1
pkg/filesystem/local/handler.go
pkg/filesystem/local/handler.go
+2
-0
pkg/filesystem/remote/handler.go
pkg/filesystem/remote/handler.go
+2
-1
service/explorer/objects.go
service/explorer/objects.go
+1
-0
middleware/auth.go
...
...
@@ -15,11 +15,11 @@ func SignRequired() gin.HandlerFunc {
var
err
error
switch
c
.
Request
.
Method
{
case
"PUT"
,
"POST"
:
err
=
auth
.
CheckRequest
(
c
.
Request
)
err
=
auth
.
CheckRequest
(
auth
.
General
,
c
.
Request
)
// TODO 生产环境去掉下一行
err
=
nil
//
err = nil
default
:
err
=
auth
.
CheckURI
(
c
.
Request
.
URL
)
err
=
auth
.
CheckURI
(
auth
.
General
,
c
.
Request
.
URL
)
}
if
err
!=
nil
{
...
...
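Review bot: The `// TODO 生产环境去掉下一行` comment and the now commented-out `// err = nil` are left in the PUT/POST branch of SignRequired, so the line that discarded the result of `auth.CheckRequest` can be restored by deleting two characters. Going by the +3/-3 count, this commit is what turns signature checking for PUT and POST back on, yet the commit title only mentions the parameter change. I would delete both lines outright and add a middleware test asserting that an unsigned POST is rejected, so a regression shows up in CI. SignRequired's body continues outside the hunk.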
pkg/auth/auth.go
...
...
@@ -31,9 +31,9 @@ type Auth interface {
// SignRequest 对PUT\POST等复杂HTTP请求签名,如果请求Header中
// 包含 X-Policy, 则此请求会被认定为上传请求,只会对URI部分和
// Policy部分进行签名。其他请求则会对URI和Body部分进行签名。
func
SignRequest
(
r
*
http
.
Request
,
expires
int64
)
*
http
.
Request
{
func
SignRequest
(
instance
Auth
,
r
*
http
.
Request
,
expires
int64
)
*
http
.
Request
{
// 生成签名
sign
:=
General
.
Sign
(
getSignContent
(
r
),
expires
)
sign
:=
instance
.
Sign
(
getSignContent
(
r
),
expires
)
// 将签名加到请求Header中
r
.
Header
[
"Authorization"
]
=
[]
string
{
"Bearer "
+
sign
}
...
...
@@ -41,7 +41,7 @@ func SignRequest(r *http.Request, expires int64) *http.Request {
}
// CheckRequest 对复杂请求进行签名验证
func
CheckRequest
(
r
*
http
.
Request
)
error
{
func
CheckRequest
(
instance
Auth
,
r
*
http
.
Request
)
error
{
var
(
sign
[]
string
ok
bool
...
...
@@ -51,7 +51,7 @@ func CheckRequest(r *http.Request) error {
}
sign
[
0
]
=
strings
.
TrimPrefix
(
sign
[
0
],
"Bearer "
)
return
General
.
Check
(
getSignContent
(
r
),
sign
[
0
])
return
instance
.
Check
(
getSignContent
(
r
),
sign
[
0
])
}
// getSignContent 根据请求Header中是否包含X-Policy判断是否为上传请求,
...
...
@@ -69,14 +69,14 @@ func getSignContent(r *http.Request) (rawSignString string) {
}
// SignURI 对URI进行签名,签名只针对Path部分,query部分不做验证
func
SignURI
(
uri
string
,
expires
int64
)
(
*
url
.
URL
,
error
)
{
func
SignURI
(
instance
Auth
,
uri
string
,
expires
int64
)
(
*
url
.
URL
,
error
)
{
base
,
err
:=
url
.
Parse
(
uri
)
if
err
!=
nil
{
return
nil
,
err
}
// 生成签名
sign
:=
General
.
Sign
(
base
.
Path
,
expires
)
sign
:=
instance
.
Sign
(
base
.
Path
,
expires
)
// 将签名加到URI中
queries
:=
base
.
Query
()
...
...
@@ -87,14 +87,14 @@ func SignURI(uri string, expires int64) (*url.URL, error) {
}
// CheckURI 对URI进行鉴权
func
CheckURI
(
url
*
url
.
URL
)
error
{
func
CheckURI
(
instance
Auth
,
url
*
url
.
URL
)
error
{
//获取待验证的签名正文
queries
:=
url
.
Query
()
sign
:=
queries
.
Get
(
"sign"
)
queries
.
Del
(
"sign"
)
url
.
RawQuery
=
queries
.
Encode
()
return
General
.
Check
(
url
.
Path
,
sign
)
return
instance
.
Check
(
url
.
Path
,
sign
)
}
// Init 初始化通用鉴权器
...
...
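Review bot: `instance` is used without a nil guard in CheckRequest and CheckURI (and likewise in SignRequest and SignURI), so a caller that passes a nil Auth, for example `General` before it has been initialised, gets a panic inside request handling rather than an authentication error. For the two check functions I would fail closed at the top, e.g. `if instance == nil { return errors.New("auth: nil instance") }`, assuming `errors` is or can be imported in this file. The doc comments above all four functions should also gain a sentence saying that `instance` supplies the signing key and must hold the same key on the signing and verifying side. The function bodies are only partly visible in these hunks.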
pkg/auth/auth_test.go
...
...
@@ -16,7 +16,7 @@ func TestSignURI(t *testing.T) {
// 成功
{
sign
,
err
:=
SignURI
(
"/api/v3/something?id=1"
,
0
)
sign
,
err
:=
SignURI
(
General
,
"/api/v3/something?id=1"
,
0
)
asserts
.
NoError
(
err
)
queries
:=
sign
.
Query
()
asserts
.
Equal
(
"1"
,
queries
.
Get
(
"id"
))
...
...
@@ -25,7 +25,7 @@ func TestSignURI(t *testing.T) {
// URI解码失败
{
sign
,
err
:=
SignURI
(
"://dg.;'f]gh./'"
,
0
)
sign
,
err
:=
SignURI
(
General
,
"://dg.;'f]gh./'"
,
0
)
asserts
.
Error
(
err
)
asserts
.
Nil
(
sign
)
}
...
...
@@ -37,16 +37,16 @@ func TestCheckURI(t *testing.T) {
// 成功
{
sign
,
err
:=
SignURI
(
"/api/ok?if=sdf&fd=go"
,
time
.
Now
()
.
Unix
()
+
10
)
sign
,
err
:=
SignURI
(
General
,
"/api/ok?if=sdf&fd=go"
,
time
.
Now
()
.
Unix
()
+
10
)
asserts
.
NoError
(
err
)
asserts
.
NoError
(
CheckURI
(
sign
))
asserts
.
NoError
(
CheckURI
(
General
,
sign
))
}
// 过期
{
sign
,
err
:=
SignURI
(
"/api/ok?if=sdf&fd=go"
,
time
.
Now
()
.
Unix
()
-
1
)
sign
,
err
:=
SignURI
(
General
,
"/api/ok?if=sdf&fd=go"
,
time
.
Now
()
.
Unix
()
-
1
)
asserts
.
NoError
(
err
)
asserts
.
Error
(
CheckURI
(
sign
))
asserts
.
Error
(
CheckURI
(
General
,
sign
))
}
}
...
...
@@ -58,7 +58,7 @@ func TestSignRequest(t *testing.T) {
{
req
,
err
:=
http
.
NewRequest
(
"POST"
,
"http://127.0.0.1/api/v3/slave/upload"
,
strings
.
NewReader
(
"I am body."
))
asserts
.
NoError
(
err
)
req
=
SignRequest
(
req
,
0
)
req
=
SignRequest
(
General
,
req
,
0
)
asserts
.
NotEmpty
(
req
.
Header
[
"Authorization"
])
}
...
...
@@ -71,7 +71,7 @@ func TestSignRequest(t *testing.T) {
)
asserts
.
NoError
(
err
)
req
.
Header
[
"X-Policy"
]
=
[]
string
{
"I am Policy"
}
req
=
SignRequest
(
req
,
10
)
req
=
SignRequest
(
General
,
req
,
10
)
asserts
.
NotEmpty
(
req
.
Header
[
"Authorization"
])
}
}
...
...
@@ -88,8 +88,8 @@ func TestCheckRequest(t *testing.T) {
strings
.
NewReader
(
"I am body."
),
)
asserts
.
NoError
(
err
)
req
=
SignRequest
(
req
,
0
)
err
=
CheckRequest
(
req
)
req
=
SignRequest
(
General
,
req
,
0
)
err
=
CheckRequest
(
General
,
req
)
asserts
.
NoError
(
err
)
}
...
...
@@ -102,8 +102,8 @@ func TestCheckRequest(t *testing.T) {
)
asserts
.
NoError
(
err
)
req
.
Header
[
"X-Policy"
]
=
[]
string
{
"I am Policy"
}
req
=
SignRequest
(
req
,
0
)
err
=
CheckRequest
(
req
)
req
=
SignRequest
(
General
,
req
,
0
)
err
=
CheckRequest
(
General
,
req
)
asserts
.
NoError
(
err
)
}
...
...
@@ -115,9 +115,9 @@ func TestCheckRequest(t *testing.T) {
strings
.
NewReader
(
"I am body."
),
)
asserts
.
NoError
(
err
)
req
=
SignRequest
(
req
,
0
)
req
=
SignRequest
(
General
,
req
,
0
)
req
.
Body
=
ioutil
.
NopCloser
(
strings
.
NewReader
(
"2333"
))
err
=
CheckRequest
(
req
)
err
=
CheckRequest
(
General
,
req
)
asserts
.
Error
(
err
)
}
}
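Review bot: Every updated call passes `General` to both the signing and the checking helper, so nothing here exercises the reason for the new parameter: a signature made with one instance must not verify under another. I would add a case to TestCheckURI and TestCheckRequest that signs with `General` and checks with a second instance holding a different key, such as `other := HMACAuth{SecretKey: []byte("constructed-test-key")}`, and asserts `asserts.Error(CheckURI(other, sign))`. Without that negative case, a helper that quietly fell back to `General` would still pass the whole suite.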
pkg/conf/defaults.go
...
...
@@ -41,7 +41,7 @@ var CORSConfig = &cors{
AllowOrigins
:
[]
string
{
"UNSET"
},
AllowMethods
:
[]
string
{
"PUT"
,
"POST"
,
"GET"
,
"OPTIONS"
},
AllowHeaders
:
[]
string
{
"Cookie"
,
"Content-Length"
,
"Content-Type"
,
"X-Path"
,
"X-FileName"
},
AllowCredentials
:
tru
e
,
AllowCredentials
:
fals
e
,
ExposeHeaders
:
nil
,
}
...
...
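Review bot: The `AllowCredentials` default in CORSConfig changes in this hunk (from `true` to `false`, if the page's old-then-new print order holds here as it does in the other files), and neither the commit title nor a code comment explains why a CORS default moves in a commit about signing helpers. Please add a comment on the field stating the intent, something like `// cross-origin requests authenticate by signature, not cookies`, if that is the reason. It is also worth checking whether `AllowHeaders` needs `Authorization` and `X-Policy`, since SignRequest and the remote upload token in this same commit rely on those headers; whether browsers send them cross-origin is not visible from here.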
pkg/filesystem/local/handler.go
...
...
@@ -142,12 +142,14 @@ func (handler Handler) Source(
// 签名生成文件记录
signedURI
,
err
=
auth
.
SignURI
(
auth
.
General
,
fmt
.
Sprintf
(
"/api/v3/file/download/%s"
,
downloadSessionID
),
expires
,
)
}
else
{
// 签名生成文件记录
signedURI
,
err
=
auth
.
SignURI
(
auth
.
General
,
fmt
.
Sprintf
(
"/api/v3/file/get/%d/%s"
,
file
.
ID
,
file
.
Name
),
expires
,
)
...
...
pkg/filesystem/remote/handler.go
...
...
@@ -79,7 +79,8 @@ func (handler Handler) Token(ctx context.Context, TTL int64, key string) (serial
uploadRequest
.
Header
=
map
[
string
][]
string
{
"X-Policy"
:
{
policyEncoded
},
}
auth
.
SignRequest
(
uploadRequest
,
time
.
Now
()
.
Unix
()
+
TTL
)
remoteAuth
:=
auth
.
HMACAuth
{
SecretKey
:
[]
byte
(
handler
.
Policy
.
SecretKey
)}
auth
.
SignRequest
(
remoteAuth
,
uploadRequest
,
time
.
Now
()
.
Unix
()
+
TTL
)
if
credential
,
ok
:=
uploadRequest
.
Header
[
"Authorization"
];
ok
&&
len
(
credential
)
==
1
{
return
serializer
.
UploadCredential
{
...
...
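Review bot: `remoteAuth` is built from `handler.Policy.SecretKey` without checking that the key is set, so a policy stored with an empty secret would presumably still produce an Authorization header, signed with an empty HMAC key. I would return an error from Token before signing when `len(handler.Policy.SecretKey) == 0`. The return value of `auth.SignRequest` is also dropped; that works only because the helper writes into `uploadRequest.Header` in place, which deserves a short comment such as `// SignRequest mutates uploadRequest.Header`. Token's body continues outside the hunk.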
service/explorer/objects.go
...
...
@@ -66,6 +66,7 @@ func (service *ItemService) Archive(ctx context.Context, c *gin.Context) seriali
ttl
=
30
}
signedURI
,
err
:=
auth
.
SignURI
(
auth
.
General
,
fmt
.
Sprintf
(
"/api/v3/file/archive/%s/archive.zip"
,
zipID
),
time
.
Now
()
.
Unix
()
+
int64
(
ttl
),
)
...
...