Documentation
¶
Index ¶
- Constants
- Variables
- func ForceSignDecorator(keys Keys, host, methods string) httphandler.Decorator
- func S3Decorator(keys Keys) httphandler.Decorator
- func SignAuthServiceDecorator(backend, endpoint, host string) httphandler.Decorator
- func SignDecorator(keys Keys, region, host string) httphandler.Decorator
- type APIErrorCode
- type Keys
- type ParsedAuthorizationHeader
Constants ¶
View Source
const ( // Passthrough is basic type, does nothing to the request Passthrough = "passthrough" // S3FixedKey will sign requests with single key S3FixedKey = "S3FixedKey" // S3AuthService will sign requests using key from external source S3AuthService = "S3AuthService" )
Variables ¶
View Source
var Decorators = map[string]func(string, config.Storage) (httphandler.Decorator, error){ Passthrough: func(string, config.Storage) (httphandler.Decorator, error) { return func(rt http.RoundTripper) http.RoundTripper { return rt }, nil }, S3FixedKey: func(backend string, backendConf config.Storage) (httphandler.Decorator, error) { accessKey, ok := backendConf.Properties["AccessKey"] if !ok { return nil, fmt.Errorf("no AccessKey defined for backend type %q", S3FixedKey) } secret, ok := backendConf.Properties["Secret"] if !ok { return nil, fmt.Errorf("no Secret defined for backend type %q", S3FixedKey) } keys := Keys{ AccessKeyID: accessKey, SecretAccessKey: secret, } methods := backendConf.Properties["Methods"] return ForceSignDecorator(keys, backendConf.Backend.Host, methods), nil }, S3AuthService: func(backend string, backendConf config.Storage) (httphandler.Decorator, error) { endpoint, ok := backendConf.Properties["AuthServiceEndpoint"] if !ok { endpoint = "default" } return SignAuthServiceDecorator(backend, endpoint, backendConf.Backend.Host), nil }, }
Decorators maps Backend type with httphadler decorators factory
Functions ¶
func ForceSignDecorator ¶
func ForceSignDecorator(keys Keys, host, methods string) httphandler.Decorator
ForceSignDecorator will recompute auth headers for new Key
func S3Decorator ¶
func S3Decorator(keys Keys) httphandler.Decorator
S3Decorator checks if request Signature matches s3 keys
func SignAuthServiceDecorator ¶
func SignAuthServiceDecorator(backend, endpoint, host string) httphandler.Decorator
SignAuthServiceDecorator will compute
func SignDecorator ¶
func SignDecorator(keys Keys, region, host string) httphandler.Decorator
SignDecorator will recompute auth headers for new Key
Types ¶
type APIErrorCode ¶
type APIErrorCode int
APIErrorCode type of error status.
const ( ErrAuthHeaderEmpty APIErrorCode = iota ErrSignatureDoesNotMatch ErrIncorrectAuthHeader ErrUnsupportedSignatureVersion ErrNone )
Error codes, non exhaustive list - http://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html
func DoesSignMatch ¶
func DoesSignMatch(r *http.Request, cred Keys) APIErrorCode
DoesSignMatch - Verify authorization header with calculated header returns true if matches, false otherwise. if error is not nil then it is always false
type Keys ¶
type Keys struct {
AccessKeyID string `json:"access-key" yaml:"AccessKey"`
SecretAccessKey string `json:"secret-key" yaml:"Secret"`
}
Keys user credentials
type ParsedAuthorizationHeader ¶
type ParsedAuthorizationHeader struct {
Version string
AccessKey string
Signature string
SignedHeaders string
Region string
}
ParsedAuthorizationHeader holds the parsed "Authorization" header content
func ParseAuthorizationHeader ¶
func ParseAuthorizationHeader(authorizationHeader string) (authHeader ParsedAuthorizationHeader, err error)
ParseAuthorizationHeader - extract S3 authorization header details
Source Files
Click to show internal directories.
Click to hide internal directories.