Modify: add time.Now for expiration inside signing function
parent
9c48f4b7ad
commit
0f93864c8e
5 changed files with 19 additions and 20 deletions
|
@ -10,6 +10,7 @@ import (
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/url"
|
"net/url"
|
||||||
"strings"
|
"strings"
|
||||||
|
"time"
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
|
@ -32,6 +33,11 @@ type Auth interface {
|
||||||
// 包含 X-Policy, 则此请求会被认定为上传请求,只会对URI部分和
|
// 包含 X-Policy, 则此请求会被认定为上传请求,只会对URI部分和
|
||||||
// Policy部分进行签名。其他请求则会对URI和Body部分进行签名。
|
// Policy部分进行签名。其他请求则会对URI和Body部分进行签名。
|
||||||
func SignRequest(instance Auth, r *http.Request, expires int64) *http.Request {
|
func SignRequest(instance Auth, r *http.Request, expires int64) *http.Request {
|
||||||
|
// 处理有效期
|
||||||
|
if expires > 0 {
|
||||||
|
expires += time.Now().Unix()
|
||||||
|
}
|
||||||
|
|
||||||
// 生成签名
|
// 生成签名
|
||||||
sign := instance.Sign(getSignContent(r), expires)
|
sign := instance.Sign(getSignContent(r), expires)
|
||||||
|
|
||||||
|
@ -73,6 +79,11 @@ func getSignContent(r *http.Request) (rawSignString string) {
|
||||||
|
|
||||||
// SignURI 对URI进行签名,签名只针对Path部分,query部分不做验证
|
// SignURI 对URI进行签名,签名只针对Path部分,query部分不做验证
|
||||||
func SignURI(instance Auth, uri string, expires int64) (*url.URL, error) {
|
func SignURI(instance Auth, uri string, expires int64) (*url.URL, error) {
|
||||||
|
// 处理有效期
|
||||||
|
if expires != 0 {
|
||||||
|
expires += time.Now().Unix()
|
||||||
|
}
|
||||||
|
|
||||||
base, err := url.Parse(uri)
|
base, err := url.Parse(uri)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
|
|
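Review bot: The two new guards disagree: SignRequest adds the current time only when `expires > 0`, while SignURI adds it whenever `expires != 0`, so a negative value becomes a timestamp just before now in SignURI but reaches `instance.Sign` unchanged in SignRequest. Pick one rule for both, e.g. `if expires != 0 {` in SignRequest, if a negative lifetime is meant to produce an already-expired signature as the updated TestCheckURI case assumes for SignURI. The parameter now carries a lifetime in seconds rather than an absolute Unix time, yet it is still an `int64` named `expires`, so any caller outside these five files that still passes `time.Now().Unix()+ttl` will compile and silently get a far-future expiry. Renaming it to `ttl` and stating in both doc comments that the value is relative and that 0 skips the offset would make the new contract visible. Both function bodies continue outside the hunks.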
|
@ -7,7 +7,6 @@ import (
|
||||||
"net/http"
|
"net/http"
|
||||||
"strings"
|
"strings"
|
||||||
"testing"
|
"testing"
|
||||||
"time"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestSignURI(t *testing.T) {
|
func TestSignURI(t *testing.T) {
|
||||||
|
@ -37,14 +36,14 @@ func TestCheckURI(t *testing.T) {
|
||||||
|
|
||||||
// 成功
|
// 成功
|
||||||
{
|
{
|
||||||
sign, err := SignURI(General, "/api/ok?if=sdf&fd=go", time.Now().Unix()+10)
|
sign, err := SignURI(General, "/api/ok?if=sdf&fd=go", 10)
|
||||||
asserts.NoError(err)
|
asserts.NoError(err)
|
||||||
asserts.NoError(CheckURI(General, sign))
|
asserts.NoError(CheckURI(General, sign))
|
||||||
}
|
}
|
||||||
|
|
||||||
// 过期
|
// 过期
|
||||||
{
|
{
|
||||||
sign, err := SignURI(General, "/api/ok?if=sdf&fd=go", time.Now().Unix()-1)
|
sign, err := SignURI(General, "/api/ok?if=sdf&fd=go", -1)
|
||||||
asserts.NoError(err)
|
asserts.NoError(err)
|
||||||
asserts.Error(CheckURI(General, sign))
|
asserts.Error(CheckURI(General, sign))
|
||||||
}
|
}
|
||||||
|
|
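Review bot: The updated cases cover a positive and a negative lifetime but not 0, which is the one value SignURI's new `if expires != 0` guard passes through without adding the current time. A third case that signs with `0` and asserts the intended `CheckURI` result would pin down whether zero means a signature without expiry. A matching case for SignRequest would cover its different `expires > 0` guard. TestCheckURI starts and ends outside the hunk.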
|
@ -16,7 +16,6 @@ import (
|
||||||
"net/url"
|
"net/url"
|
||||||
"os"
|
"os"
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
"time"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// Handler 本地策略适配器
|
// Handler 本地策略适配器
|
||||||
|
@ -124,11 +123,6 @@ func (handler Handler) Source(
|
||||||
return "", errors.New("无法获取文件记录上下文")
|
return "", errors.New("无法获取文件记录上下文")
|
||||||
}
|
}
|
||||||
|
|
||||||
var expires int64
|
|
||||||
if ttl > 0 {
|
|
||||||
expires = time.Now().Unix() + ttl
|
|
||||||
}
|
|
||||||
|
|
||||||
var (
|
var (
|
||||||
signedURI *url.URL
|
signedURI *url.URL
|
||||||
err error
|
err error
|
||||||
|
@ -145,14 +139,14 @@ func (handler Handler) Source(
|
||||||
signedURI, err = auth.SignURI(
|
signedURI, err = auth.SignURI(
|
||||||
auth.General,
|
auth.General,
|
||||||
fmt.Sprintf("/api/v3/file/download/%s", downloadSessionID),
|
fmt.Sprintf("/api/v3/file/download/%s", downloadSessionID),
|
||||||
expires,
|
ttl,
|
||||||
)
|
)
|
||||||
} else {
|
} else {
|
||||||
// 签名生成文件记录
|
// 签名生成文件记录
|
||||||
signedURI, err = auth.SignURI(
|
signedURI, err = auth.SignURI(
|
||||||
auth.General,
|
auth.General,
|
||||||
fmt.Sprintf("/api/v3/file/get/%d/%s", file.ID, file.Name),
|
fmt.Sprintf("/api/v3/file/get/%d/%s", file.ID, file.Name),
|
||||||
expires,
|
ttl,
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -17,7 +17,6 @@ import (
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/url"
|
"net/url"
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// Handler 远程存储策略适配器
|
// Handler 远程存储策略适配器
|
||||||
|
@ -106,7 +105,7 @@ func (handler Handler) Thumb(ctx context.Context, path string) (*response.Conten
|
||||||
sourcePath := base64.RawURLEncoding.EncodeToString([]byte(path))
|
sourcePath := base64.RawURLEncoding.EncodeToString([]byte(path))
|
||||||
thumbURL := handler.getAPI("thumb") + "/" + sourcePath
|
thumbURL := handler.getAPI("thumb") + "/" + sourcePath
|
||||||
ttl := model.GetIntSetting("slave_api_timeout", 60)
|
ttl := model.GetIntSetting("slave_api_timeout", 60)
|
||||||
signedThumbURL, err := auth.SignURI(handler.AuthInstance, thumbURL, time.Now().Unix()+int64(ttl))
|
signedThumbURL, err := auth.SignURI(handler.AuthInstance, thumbURL, int64(ttl))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
@ -137,23 +136,19 @@ func (handler Handler) Source(
|
||||||
}
|
}
|
||||||
|
|
||||||
var (
|
var (
|
||||||
expires int64
|
|
||||||
signedURI *url.URL
|
signedURI *url.URL
|
||||||
controller = "/api/v3/slave/download"
|
controller = "/api/v3/slave/download"
|
||||||
)
|
)
|
||||||
if !isDownload {
|
if !isDownload {
|
||||||
controller = "/api/v3/slave/source"
|
controller = "/api/v3/slave/source"
|
||||||
}
|
}
|
||||||
if ttl > 0 {
|
|
||||||
expires = time.Now().Unix() + ttl
|
|
||||||
}
|
|
||||||
|
|
||||||
// 签名下载地址
|
// 签名下载地址
|
||||||
sourcePath := base64.RawURLEncoding.EncodeToString([]byte(file.SourceName))
|
sourcePath := base64.RawURLEncoding.EncodeToString([]byte(file.SourceName))
|
||||||
signedURI, err = auth.SignURI(
|
signedURI, err = auth.SignURI(
|
||||||
handler.AuthInstance,
|
handler.AuthInstance,
|
||||||
fmt.Sprintf("%s/%d/%s/%s", controller, speed, sourcePath, file.Name),
|
fmt.Sprintf("%s/%d/%s/%s", controller, speed, sourcePath, file.Name),
|
||||||
expires,
|
ttl,
|
||||||
)
|
)
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -191,7 +186,7 @@ func (handler Handler) Token(ctx context.Context, TTL int64, key string) (serial
|
||||||
uploadRequest.Header = map[string][]string{
|
uploadRequest.Header = map[string][]string{
|
||||||
"X-Policy": {policyEncoded},
|
"X-Policy": {policyEncoded},
|
||||||
}
|
}
|
||||||
auth.SignRequest(handler.AuthInstance, uploadRequest, time.Now().Unix()+TTL)
|
auth.SignRequest(handler.AuthInstance, uploadRequest, TTL)
|
||||||
|
|
||||||
if credential, ok := uploadRequest.Header["Authorization"]; ok && len(credential) == 1 {
|
if credential, ok := uploadRequest.Header["Authorization"]; ok && len(credential) == 1 {
|
||||||
return serializer.UploadCredential{
|
return serializer.UploadCredential{
|
||||||
|
|
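Review bot: A zero TTL changes meaning at these call sites: Thumb and Token used to pass `time.Now().Unix()+ttl`, which for 0 gave a signature expiring at the current second, and they now pass the bare value, which the new guards in SignURI and SignRequest leave at 0. If Sign and the check side treat 0 as "no expiry" (not visible here, though the removed `if ttl > 0` block in Source suggests that convention), a `slave_api_timeout` setting of 0 or a caller-supplied `TTL` of 0 would now yield a thumbnail URL or upload credential that never expires. Consider rejecting or clamping non-positive values before signing, e.g. `if ttl <= 0 { ttl = 60 }` in Thumb and an equivalent check on `TTL` in Token. The same applies to `options.signTTL` in the HTTPClient.Request hunk, where an unset option would presumably be 0.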
|
@ -95,7 +95,7 @@ func (c HTTPClient) Request(method, target string, body io.Reader, opts ...Optio
|
||||||
|
|
||||||
// 签名请求
|
// 签名请求
|
||||||
if options.sign != nil {
|
if options.sign != nil {
|
||||||
auth.SignRequest(options.sign, req, time.Now().Unix()+options.signTTL)
|
auth.SignRequest(options.sign, req, options.signTTL)
|
||||||
}
|
}
|
||||||
|
|
||||||
// 发送请求
|
// 发送请求
|
||||||
|
|