From 04bbe61826b5aaa11ca978138ad6a028e9ddf108 Mon Sep 17 00:00:00 2001
From: jonaustin09
Date: Thu, 1 Jun 2023 00:16:01 +0400
Subject: [PATCH] fix: Removed root user flags
---
 cmd/versitygw/main.go | 6 ++----
 s3api/middlewares/authentication.go | 11 ++++++++---
 s3api/server.go | 5 ++---
 s3api/server_test.go | 20 ++++++++++----------
 s3api/utils/utils.go | 24 ------------------------
 5 files changed, 22 insertions(+), 44 deletions(-)
diff --git a/cmd/versitygw/main.go b/cmd/versitygw/main.go
index 9c99d1b..04f509b 100644
--- a/cmd/versitygw/main.go
+++ b/cmd/versitygw/main.go
@@ -24,7 +24,7 @@ import (
 "github.com/urfave/cli/v2"
 "github.com/versity/versitygw/backend"
 "github.com/versity/versitygw/s3api"
- "github.com/versity/versitygw/s3api/utils"
+ "github.com/versity/versitygw/s3api/middlewares"
 )
 var (
@@ -144,9 +144,7 @@ func runGateway(be backend.Backend) error {
 opts = append(opts, s3api.WithTLS(cert))
 }
- rootUser := utils.GetRootUserCreds()
-
- srv, err := s3api.New(app, be, port, rootUser, opts...)
+ srv, err := s3api.New(app, be, port, middlewares.AdminUser{AdminAccess: adminAccess, AdminSecret: adminSecret}, opts...)
 if err != nil {
 return fmt.Errorf("init gateway: %v", err)
 }
diff --git a/s3api/middlewares/authentication.go b/s3api/middlewares/authentication.go
index a69e290..0cc35f4 100644
--- a/s3api/middlewares/authentication.go
+++ b/s3api/middlewares/authentication.go
@@ -32,7 +32,12 @@ const (
 iso8601Format = "20060102T150405Z"
 )
-func VerifyV4Signature(user utils.RootUser) fiber.Handler {
+type AdminUser struct {
+ AdminAccess string
+ AdminSecret string
+}
+
+func VerifyV4Signature(user AdminUser) fiber.Handler {
 return func(ctx *fiber.Ctx) error {
 authorization := ctx.Get("Authorization")
 if authorization == "" {
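Review bot: In runGateway (cmd/versitygw/main.go, hunk `-144,9 +144,7`) `adminAccess` and `adminSecret` are handed to `s3api.New` with no visible check that they are non-empty, whereas the removed `utils.GetRootUserCreds` exited when either value was missing. These values become the `aws.Credentials` that `VerifyV4Signature` signs with, so an unset secret would leave the gateway verifying requests against an empty key. Unless the flag definitions (outside this hunk) already mark both as required, add a guard before the call, e.g. `if adminAccess == "" || adminSecret == "" { return fmt.Errorf("admin access key and secret key are required") }`, or put the same check inside `s3api.New` so every caller gets it; `TestNew` in s3api/server_test.go is built with a zero-value `middlewares.AdminUser{}`. A secret passed on the command line is also readable from the process list, so an environment-variable or file source is worth offering.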
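Review bot: The new exported `AdminUser` type (s3api/middlewares/authentication.go, hunk `-32,7 +32,12`) has no doc comment, and nothing marks `AdminSecret` as sensitive, so a later `%+v` log of the struct would print the secret key. I would add `// AdminUser holds the gateway's admin access key ID and secret key. AdminSecret is a credential and must never be logged.` above the type, and a doc comment on `VerifyV4Signature`, whose body continues outside the hunk. The field names also repeat the type name; `Access` and `Secret` would read better at the call sites as `user.Access` and `user.Secret`.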
@@ -79,8 +84,8 @@ func VerifyV4Signature(user utils.RootUser) fiber.Handler {
 signer := v4.NewSigner()
 signErr := signer.SignHTTP(req.Context(), aws.Credentials{
- AccessKeyID: user.Login,
- SecretAccessKey: user.Password,
+ AccessKeyID: user.AdminAccess,
+ SecretAccessKey: user.AdminSecret,
 }, req, hexPayload, creds[3], creds[2], tdate)
 if signErr != nil {
 return controllers.Responce[any](ctx, nil, s3err.GetAPIError(s3err.ErrAccessDenied))
diff --git a/s3api/server.go b/s3api/server.go
index b78ae79..906d7d1 100644
--- a/s3api/server.go
+++ b/s3api/server.go
@@ -21,7 +21,6 @@ import (
 "github.com/gofiber/fiber/v2/middleware/logger"
 "github.com/versity/versitygw/backend"
 "github.com/versity/versitygw/s3api/middlewares"
- "github.com/versity/versitygw/s3api/utils"
 )
 type S3ApiServer struct {
@@ -32,7 +31,7 @@ type S3ApiServer struct {
 cert *tls.Certificate
 }
-func New(app *fiber.App, be backend.Backend, port string, rootUser utils.RootUser, opts ...Option) (*S3ApiServer, error) {
+func New(app *fiber.App, be backend.Backend, port string, adminUser middlewares.AdminUser, opts ...Option) (*S3ApiServer, error) {
 server := &S3ApiServer{
 app: app,
 backend: be,
@@ -44,7 +43,7 @@ func New(app *fiber.App, be backend.Backend, port string, rootUser utils.RootUse
 opt(server)
 }
- app.Use(middlewares.VerifyV4Signature(rootUser))
+ app.Use(middlewares.VerifyV4Signature(adminUser))
 app.Use(logger.New())
 server.router.Init(app, be)
 return server, nil
diff --git a/s3api/server_test.go b/s3api/server_test.go
index b4280bf..2249e05 100644
--- a/s3api/server_test.go
+++ b/s3api/server_test.go
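Review bot: In VerifyV4Signature (s3api/middlewares/authentication.go, hunk `-79,8 +84,8`) the request is re-signed with the configured `user.AdminAccess`, and nothing in the hunk compares that value with the access key ID the client sent in its credential scope. If the lines above the hunk do not already do so, reject a mismatch before signing, presumably with `if creds[0] != user.AdminAccess { return controllers.Responce[any](ctx, nil, s3err.GetAPIError(s3err.ErrAccessDenied)) }`; the index is inferred from `creds[2]` and `creds[3]` being passed as region and service. The comparison of the computed signature with the presented one is also outside the hunk and should be constant-time, e.g. `subtle.ConstantTimeCompare`. The function starts and ends outside this hunk.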
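Review bot: In `New` (s3api/server.go, hunk `-44,7 +43,7`) the authentication middleware is registered before `app.Use(logger.New())`, so a request that VerifyV4Signature rejects without calling the next handler probably never reaches the logger, and failed authentication attempts leave no access-log entry. Registering the logger first, `app.Use(logger.New())` followed by `app.Use(middlewares.VerifyV4Signature(adminUser))`, would keep denied requests visible for detection and incident review. `New` starts and ends outside this hunk.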
@@ -20,15 +20,15 @@ import (
 "github.com/gofiber/fiber/v2"
 "github.com/versity/versitygw/backend"
- "github.com/versity/versitygw/s3api/utils"
+ "github.com/versity/versitygw/s3api/middlewares"
 )
 func TestNew(t *testing.T) {
 type args struct {
- app *fiber.App
- be backend.Backend
- port string
- rootUser utils.RootUser
+ app *fiber.App
+ be backend.Backend
+ port string
+ adminUser middlewares.AdminUser
 }
 app := fiber.New()
@@ -45,10 +45,10 @@ func TestNew(t *testing.T) {
 {
 name: "Create S3 api server",
 args: args{
- app: app,
- be: be,
- port: port,
- rootUser: utils.RootUser{},
+ app: app,
+ be: be,
+ port: port,
+ adminUser: middlewares.AdminUser{},
 },
 wantS3ApiServer: &S3ApiServer{
 app: app,
@@ -61,7 +61,7 @@ func TestNew(t *testing.T) {
 }
 for _, tt := range tests {
 t.Run(tt.name, func(t *testing.T) {
- gotS3ApiServer, err := New(tt.args.app, tt.args.be, tt.args.port, tt.args.rootUser)
+ gotS3ApiServer, err := New(tt.args.app, tt.args.be, tt.args.port, tt.args.adminUser)
 if (err != nil) != tt.wantErr {
 t.Errorf("New() error = %v, wantErr %v", err, tt.wantErr)
 return
diff --git a/s3api/utils/utils.go b/s3api/utils/utils.go
index a7ae3e9..f218edc 100644
--- a/s3api/utils/utils.go
+++ b/s3api/utils/utils.go
@@ -17,9 +17,7 @@ package utils
 import (
 "bytes"
 "errors"
- "flag"
 "net/http"
- "os"
 "strings"
 "github.com/gofiber/fiber/v2"
@@ -39,28 +37,6 @@ func GetUserMetaData(headers *fasthttp.RequestHeader) (metadata map[string]strin
 return
 }
-type RootUser struct {
- Login string
- Password string
-}
-
-func GetRootUserCreds() (rootUser RootUser) {
- loginPtr := flag.String("login", "", "Root user login")
- passwordPtr := flag.String("password", "", "Root user password")
-
- flag.Parse()
-
- if *loginPtr == "" || *passwordPtr == "" {
- os.Exit(3)
- }
-
- rootUser = RootUser{
- Login: *loginPtr,
- Password: *passwordPtr,
- }
- return
-}
-
 func CreateHttpRequestFromCtx(ctx *fiber.Ctx) (*http.Request, error) {
 req := ctx.Request()