direktil/local-server
4
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

feat: admin token

Browse Source
This commit is contained in:
Mikaël Cluseau 2019-01-24 11:38:06 +13:00
parent 9acfa08ca4
commit c934632de9
1 changed files with 12 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
cmd/dkl-local-server/http.go
View File

@ -20,6 +20,7 @@ import (
var (
hostsToken = flag.String("hosts-token", "", "Token to give to access /hosts (open is none)")
adminToken = flag.String("admin-token", "", "Token to give to access to admin actions (open is none)")
reHost = regexp.MustCompile("^/hosts/([^/]+)/([^/]+)$")
@ -27,14 +28,22 @@ var (
)
func authorizeHosts(r *http.Request) bool {
if *hostsToken == "" {
return authorizeToken(r, *hostsToken)
}
func authorizeAdmin(r *http.Request) bool {
return authorizeToken(r, *adminToken)
}
func authorizeToken(r *http.Request, token string) bool {
if token == "" {
// access is open
return true
}
reqToken := r.Header.Get("Authorization")
return reqToken == "Bearer "+*hostsToken
return reqToken == "Bearer "+token
}
func forbidden(w http.ResponseWriter, r *http.Request) {
@ -256,7 +265,7 @@ func serveCluster(w http.ResponseWriter, r *http.Request) {
}
func uploadConfig(w http.ResponseWriter, r *http.Request) {
if !authorizeHosts(r) { // FIXME admin token instead
if !authorizeAdmin(r) {
forbidden(w, r)
return
}