Merge pull request #68 from flymin/dev

Implement access control with url parameter based on md5sum
Jeromy Streets 2022-05-25 08:48:48 -07:00 committed by GitHub
commit 9e5c2adff6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 59 additions and 0 deletions


@ -64,6 +64,16 @@ TLS_MIN_VERS=
# To accept missing referrer header, add a blank entry (start comma):
# 'REFERRERS=,http://localhost,https://another.name'
REFERRERS=
# Use key / code parameter in the request URL for access control. The code is
# computed by requested PATH and your key.
# Example:
# ACCESS_KEY=username
# To access your file, either access:
# http://$HOST:$PORT/my/place/my.file?key=username
# or access (md5sum of "/my/place/my.fileusername"):
# http://$HOST:$PORT/my/place/my.file?code=44356A355E89D9EE7B2D5687E48024B0
ACCESS_KEY=
```
### YAML Configuration File
@ -85,6 +95,7 @@ tls-cert: ""
tls-key: ""
tls-min-vers: ""
url-prefix: ""
access-key: ""
```
Example configuration with possible alternative values:


@ -67,6 +67,11 @@ func handlerSelector() (handler http.HandlerFunc) {
handler = handle.AddCorsWildcardHeaders(handler)
}
// If configured, apply key code access control.
if "" != config.Get.AccessKey {
handler = handle.AddAccessKey(handler, config.Get.AccessKey)
}
return
}


@ -28,6 +28,7 @@ var (
TLSMinVersStr string `yaml:"tls-min-vers"`
URLPrefix string `yaml:"url-prefix"`
Referrers []string `yaml:"referrers"`
AccessKey string `yaml:"access-key"`
}
)
@ -43,6 +44,7 @@ const (
tlsKeyKey = "TLS_KEY"
tlsMinVersKey = "TLS_MIN_VERS"
urlPrefixKey = "URL_PREFIX"
accessKeyKey = "ACCESS_KEY"
)
var (
@ -57,6 +59,7 @@ var (
defaultTLSMinVers = ""
defaultURLPrefix = ""
defaultCors = false
defaultAccessKey = ""
)
func init() {
@ -76,6 +79,7 @@ func setDefaults() {
Get.TLSMinVersStr = defaultTLSMinVers
Get.URLPrefix = defaultURLPrefix
Get.Cors = defaultCors
Get.AccessKey = defaultAccessKey
}
// Load the configuration file.
@ -126,6 +130,7 @@ func overrideWithEnvVars() {
Get.TLSMinVersStr = envAsStr(tlsMinVersKey, Get.TLSMinVersStr)
Get.URLPrefix = envAsStr(urlPrefixKey, Get.URLPrefix)
Get.Referrers = envAsStrSlice(referrersKey, Get.Referrers)
Get.AccessKey = envAsStr(accessKeyKey, Get.AccessKey)
}
// validate the configuration.


@ -2,6 +2,7 @@ package handle
import (
"crypto/tls"
"crypto/md5"
"fmt"
"log"
"net/http"
@ -152,6 +153,43 @@ func AddCorsWildcardHeaders(serve http.HandlerFunc) http.HandlerFunc {
}
}
// Access Control through url parameters. The access key is set by ACCESS_KEY.
// md5sum is computed by queried path + access key
// (e.g. "/my/file" + ACCESS_KEY)
func AddAccessKey(serve http.HandlerFunc, accessKey string) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
// Get key or md5sum from this access.
keys, keyOk := r.URL.Query()["key"]
var code string
if !keyOk || len(keys[0]) < 1 {
// In case a code is provided
codes, codeOk := r.URL.Query()["code"]
if !codeOk || len(codes[0]) < 1 {
http.NotFound(w, r)
return
}
code = strings.ToUpper(codes[0])
} else {
// In case a key is provided, convert to code.
data := []byte(r.URL.Path + keys[0])
hash := md5.Sum(data)
code = fmt.Sprintf("%X", hash)
}
// Compute the correct md5sum of this access.
localData := []byte(r.URL.Path + accessKey)
hash := md5.Sum(localData)
localCode := fmt.Sprintf("%X", hash)
// Compare the two.
if code != localCode {
http.NotFound(w, r)
return
}
serve(w, r)
}
}
// Listening function for serving the handler function.
func Listening() ListenerFunc {
return func(binding string, handler http.HandlerFunc) error {
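Review bot: In AddAccessKey the check `if code != localCode` is an ordinary string comparison, and the value it guards is a bare MD5 over `r.URL.Path + accessKey`, which is a plain digest rather than a keyed MAC. The comparison can be made constant-time without changing the documented URL format: `if subtle.ConstantTimeCompare([]byte(code), []byte(localCode)) != 1 {` (from `crypto/subtle`). A stronger follow-up would derive the code with `hmac.New(sha256.New, []byte(accessKey))` over the path and compare with `hmac.Equal`, but that changes the `code=` values shown in the README. The `?key=` form sends the raw ACCESS_KEY in the URL, where it can end up in access logs, browser history and Referer headers, so a comment on the function recommending `code=` for shared links would help. `strings.ToUpper` needs a `strings` import that the import hunk does not show being added; it is presumably already imported, but worth confirming.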