remove various unexpected features in console (#782)
- Unix listeners are removed - KeepAlive, IdleTimeout etc are removed - Authorization logic is simplified - Added support for MINIO_PROMETHEUS_JOB_ID
This commit is contained in:
Harshavardhana
GitHub
@@ -32,8 +32,8 @@ import (
|
||||
"log"
|
||||
"net/http"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/go-openapi/swag"
|
||||
"github.com/minio/console/models"
|
||||
"github.com/minio/console/pkg/auth/token"
|
||||
"github.com/minio/minio-go/v7/pkg/credentials"
|
||||
@@ -43,8 +43,10 @@ import (
|
||||
"golang.org/x/crypto/pbkdf2"
|
||||
)
|
||||
|
||||
// Session token errors
|
||||
var (
|
||||
errNoAuthToken = errors.New("session token missing")
|
||||
ErrNoAuthToken = errors.New("session token missing")
|
||||
errTokenExpired = errors.New("session token has expired")
|
||||
errReadingToken = errors.New("session token internal data is malformed")
|
||||
errClaimsFormat = errors.New("encrypted session token claims not in the right format")
|
||||
errorGeneric = errors.New("an error has occurred")
|
||||
@@ -82,7 +84,7 @@ type TokenClaims struct {
|
||||
// }
|
||||
func SessionTokenAuthenticate(token string) (*TokenClaims, error) {
|
||||
if token == "" {
|
||||
return nil, errNoAuthToken
|
||||
return nil, ErrNoAuthToken
|
||||
}
|
||||
// decrypt encrypted token
|
||||
claimTokens, err := decryptClaims(token)
|
||||
@@ -289,25 +291,18 @@ func decrypt(ciphertext []byte, associatedData []byte) ([]byte, error) {
|
||||
// either defined on a cookie `token` or on Authorization header.
|
||||
//
|
||||
// Authorization Header needs to be like "Authorization Bearer <token>"
|
||||
func GetTokenFromRequest(r *http.Request) (*string, error) {
|
||||
// Get Auth token
|
||||
var reqToken string
|
||||
|
||||
func GetTokenFromRequest(r *http.Request) (string, error) {
|
||||
// Token might come either as a Cookie or as a Header
|
||||
// if not set in cookie, check if it is set on Header.
|
||||
tokenCookie, err := r.Cookie("token")
|
||||
if err != nil {
|
||||
headerToken := r.Header.Get("Authorization")
|
||||
// reqToken should come as "Bearer <token>"
|
||||
splitHeaderToken := strings.Split(headerToken, "Bearer")
|
||||
if len(splitHeaderToken) <= 1 {
|
||||
return nil, errNoAuthToken
|
||||
}
|
||||
reqToken = strings.TrimSpace(splitHeaderToken[1])
|
||||
} else {
|
||||
reqToken = strings.TrimSpace(tokenCookie.Value)
|
||||
return "", ErrNoAuthToken
|
||||
}
|
||||
return swag.String(reqToken), nil
|
||||
currentTime := time.Now()
|
||||
if tokenCookie.Expires.After(currentTime) {
|
||||
return "", errTokenExpired
|
||||
}
|
||||
return strings.TrimSpace(tokenCookie.Value), nil
|
||||
}
|
||||
|
||||
func GetClaimsFromTokenInRequest(req *http.Request) (*models.Principal, error) {
|
||||
@@ -317,7 +312,7 @@ func GetClaimsFromTokenInRequest(req *http.Request) (*models.Principal, error) {
|
||||
}
|
||||
// Perform decryption of the session token, if Console is able to decrypt the session token that means a valid session
|
||||
// was used in the first place to get it
|
||||
claims, err := SessionTokenAuthenticate(*sessionID)
|
||||
claims, err := SessionTokenAuthenticate(sessionID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user