Modify: add time.Now for expiration inside signing function

pull/247/head
HFO4 5 years ago
parent 9c48f4b7ad
commit 0f93864c8e

@ -10,6 +10,7 @@ import (
"net/http" "net/http"
"net/url" "net/url"
"strings" "strings"
"time"
) )
var ( var (
@ -32,6 +33,11 @@ type Auth interface {
// 包含 X-Policy 则此请求会被认定为上传请求只会对URI部分和 // 包含 X-Policy 则此请求会被认定为上传请求只会对URI部分和
// Policy部分进行签名。其他请求则会对URI和Body部分进行签名。 // Policy部分进行签名。其他请求则会对URI和Body部分进行签名。
func SignRequest(instance Auth, r *http.Request, expires int64) *http.Request { func SignRequest(instance Auth, r *http.Request, expires int64) *http.Request {
// 处理有效期
if expires > 0 {
expires += time.Now().Unix()
}
// 生成签名 // 生成签名
sign := instance.Sign(getSignContent(r), expires) sign := instance.Sign(getSignContent(r), expires)
@ -73,6 +79,11 @@ func getSignContent(r *http.Request) (rawSignString string) {
// SignURI 对URI进行签名,签名只针对Path部分query部分不做验证 // SignURI 对URI进行签名,签名只针对Path部分query部分不做验证
func SignURI(instance Auth, uri string, expires int64) (*url.URL, error) { func SignURI(instance Auth, uri string, expires int64) (*url.URL, error) {
// 处理有效期
if expires != 0 {
expires += time.Now().Unix()
}
base, err := url.Parse(uri) base, err := url.Parse(uri)
if err != nil { if err != nil {
return nil, err return nil, err
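Review bot: The two new guards disagree: `SignRequest` adds the current time only when `expires > 0`, while `SignURI` does so when `expires != 0`. A negative TTL therefore becomes an already-past deadline in `SignURI` but reaches `instance.Sign` as a raw negative value in `SignRequest`, and how the verifier treats that is not visible here. I would use the same condition in both, e.g. `if expires != 0 {` in `SignRequest`. The parameter is now a TTL relative to the current time rather than an absolute Unix timestamp, so both doc comments should say so and state what 0 means, e.g. `// expires is a TTL in seconds from now; 0 is passed to Sign unchanged`. Both function bodies continue outside the hunks.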

@ -7,7 +7,6 @@ import (
"net/http" "net/http"
"strings" "strings"
"testing" "testing"
"time"
) )
func TestSignURI(t *testing.T) { func TestSignURI(t *testing.T) {
@ -37,14 +36,14 @@ func TestCheckURI(t *testing.T) {
// 成功 // 成功
{ {
sign, err := SignURI(General, "/api/ok?if=sdf&fd=go", time.Now().Unix()+10) sign, err := SignURI(General, "/api/ok?if=sdf&fd=go", 10)
asserts.NoError(err) asserts.NoError(err)
asserts.NoError(CheckURI(General, sign)) asserts.NoError(CheckURI(General, sign))
} }
// 过期 // 过期
{ {
sign, err := SignURI(General, "/api/ok?if=sdf&fd=go", time.Now().Unix()-1) sign, err := SignURI(General, "/api/ok?if=sdf&fd=go", -1)
asserts.NoError(err) asserts.NoError(err)
asserts.Error(CheckURI(General, sign)) asserts.Error(CheckURI(General, sign))
} }
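Review bot: The updated cases cover only a positive and a negative TTL for `SignURI`; nothing pins the `expires == 0` path. `SignRequest` is also not exercised in this hunk, although its guard (`expires > 0`) differs from `SignURI`'s (`expires != 0`). I would add a case that signs with 0 and asserts the intended result of `CheckURI`, plus positive, zero and negative cases for `SignRequest`, so the meaning of the sentinel is fixed by a test rather than by convention. `TestCheckURI` continues outside the hunk.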

@ -16,7 +16,6 @@ import (
"net/url" "net/url"
"os" "os"
"path/filepath" "path/filepath"
"time"
) )
// Handler 本地策略适配器 // Handler 本地策略适配器
@ -124,11 +123,6 @@ func (handler Handler) Source(
return "", errors.New("无法获取文件记录上下文") return "", errors.New("无法获取文件记录上下文")
} }
var expires int64
if ttl > 0 {
expires = time.Now().Unix() + ttl
}
var ( var (
signedURI *url.URL signedURI *url.URL
err error err error
@ -145,14 +139,14 @@ func (handler Handler) Source(
signedURI, err = auth.SignURI( signedURI, err = auth.SignURI(
auth.General, auth.General,
fmt.Sprintf("/api/v3/file/download/%s", downloadSessionID), fmt.Sprintf("/api/v3/file/download/%s", downloadSessionID),
expires, ttl,
) )
} else { } else {
// 签名生成文件记录 // 签名生成文件记录
signedURI, err = auth.SignURI( signedURI, err = auth.SignURI(
auth.General, auth.General,
fmt.Sprintf("/api/v3/file/get/%d/%s", file.ID, file.Name), fmt.Sprintf("/api/v3/file/get/%d/%s", file.ID, file.Name),
expires, ttl,
) )
} }
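Review bot: Dropping the `if ttl > 0` block changes what a negative `ttl` produces in `Source`. Before, it left `expires` at 0; now `SignURI` turns it into a timestamp in the past, so the link is expired when issued. That is likely the safer result, but it is a behaviour change for callers and is not mentioned anywhere. `ttl == 0` still reaches the signer as 0, which presumably yields a download link without a deadline; a comment above the calls such as `// ttl is seconds from now; 0 is signed with no expiry (confirm against CheckURI)` would make that explicit. The body of `Source` starts and ends outside these hunks.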

@ -17,7 +17,6 @@ import (
"net/http" "net/http"
"net/url" "net/url"
"strings" "strings"
"time"
) )
// Handler 远程存储策略适配器 // Handler 远程存储策略适配器
@ -106,7 +105,7 @@ func (handler Handler) Thumb(ctx context.Context, path string) (*response.Conten
sourcePath := base64.RawURLEncoding.EncodeToString([]byte(path)) sourcePath := base64.RawURLEncoding.EncodeToString([]byte(path))
thumbURL := handler.getAPI("thumb") + "/" + sourcePath thumbURL := handler.getAPI("thumb") + "/" + sourcePath
ttl := model.GetIntSetting("slave_api_timeout", 60) ttl := model.GetIntSetting("slave_api_timeout", 60)
signedThumbURL, err := auth.SignURI(handler.AuthInstance, thumbURL, time.Now().Unix()+int64(ttl)) signedThumbURL, err := auth.SignURI(handler.AuthInstance, thumbURL, int64(ttl))
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -137,23 +136,19 @@ func (handler Handler) Source(
} }
var ( var (
expires int64
signedURI *url.URL signedURI *url.URL
controller = "/api/v3/slave/download" controller = "/api/v3/slave/download"
) )
if !isDownload { if !isDownload {
controller = "/api/v3/slave/source" controller = "/api/v3/slave/source"
} }
if ttl > 0 {
expires = time.Now().Unix() + ttl
}
// 签名下载地址 // 签名下载地址
sourcePath := base64.RawURLEncoding.EncodeToString([]byte(file.SourceName)) sourcePath := base64.RawURLEncoding.EncodeToString([]byte(file.SourceName))
signedURI, err = auth.SignURI( signedURI, err = auth.SignURI(
handler.AuthInstance, handler.AuthInstance,
fmt.Sprintf("%s/%d/%s/%s", controller, speed, sourcePath, file.Name), fmt.Sprintf("%s/%d/%s/%s", controller, speed, sourcePath, file.Name),
expires, ttl,
) )
if err != nil { if err != nil {
@ -191,7 +186,7 @@ func (handler Handler) Token(ctx context.Context, TTL int64, key string) (serial
uploadRequest.Header = map[string][]string{ uploadRequest.Header = map[string][]string{
"X-Policy": {policyEncoded}, "X-Policy": {policyEncoded},
} }
auth.SignRequest(handler.AuthInstance, uploadRequest, time.Now().Unix()+TTL) auth.SignRequest(handler.AuthInstance, uploadRequest, TTL)
if credential, ok := uploadRequest.Header["Authorization"]; ok && len(credential) == 1 { if credential, ok := uploadRequest.Header["Authorization"]; ok && len(credential) == 1 {
return serializer.UploadCredential{ return serializer.UploadCredential{
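Review bot: A zero TTL changes meaning at the call sites that used to add the time unconditionally. `Thumb` (`int64(ttl)`, read from the `slave_api_timeout` setting) and `Token` (`TTL`) previously signed with `time.Now().Unix()+0`, a deadline of "now"; they now pass 0, which the guards in `SignURI` and `SignRequest` leave untouched. If the verifier treats 0 as "no expiry" (not visible on this page), a setting or argument of 0 would produce a thumbnail URL or upload credential that never expires. I would validate before signing, for example `if ttl <= 0 { ttl = 60 }` in `Thumb`, and return an error from `Token` when `TTL <= 0`. The same applies to `auth.SignRequest(options.sign, req, options.signTTL)` in `HTTPClient.Request`, where an unset `signTTL` would now sign with 0.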

@ -95,7 +95,7 @@ func (c HTTPClient) Request(method, target string, body io.Reader, opts ...Optio
// 签名请求 // 签名请求
if options.sign != nil { if options.sign != nil {
auth.SignRequest(options.sign, req, time.Now().Unix()+options.signTTL) auth.SignRequest(options.sign, req, options.signTTL)
} }
// 发送请求 // 发送请求
