-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathmain.go
112 lines (95 loc) · 2.88 KB
/
main.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
package main
import (
"encoding/base64"
"encoding/json"
"errors"
"fmt"
"strings"
goku_plugin "github.com/eolinker/goku-plugin"
)
type basicAuthNode struct {
UserName string `json:"userName"`
Password string `json:"password"`
HideCredential bool `json:"hideCredential"`
Remark string `json:"remark"`
}
type basicAuthConf []basicAuthNode
var builder = new(gokuBaseAuthPluginFactory)
func Builder() goku_plugin.PluginFactory {
return builder
}
type gokuBaseAuthPluginFactory struct {
}
func (f *gokuBaseAuthPluginFactory) Create(config string, clusterName string, updateTag string, strategyId string, apiId int) (*goku_plugin.PluginObj, error) {
var conf basicAuthConf
if err := json.Unmarshal([]byte(config), &conf); err != nil {
//解析配置信息失败
return nil, fmt.Errorf("[basic_auth] Parsing plugin config error:%s", err.Error())
}
p := &gokuBasicAuth{
conf: conf,
}
return &goku_plugin.PluginObj{
Access: p,
}, nil
}
type gokuBasicAuth struct {
conf basicAuthConf
}
func (p *gokuBasicAuth) Access(ctx goku_plugin.ContextAccess) (isContinue bool, e error) {
if ctx.Request().GetHeader("Authorization") == "" && ctx.Request().GetHeader("Proxy-Authorization") == "" {
//缺basicAuth认证信息
ctx.AddHeader("WWW-Authenticate", "Basic Restricted")
ctx.SetStatus(401, "401")
ctx.SetBody([]byte("[basic_auth] Can not find the header named Authorization or named Proxy-Authorization."))
return false, nil
}
headerName := "Proxy-Authorization"
givenUserName, givenPassword, err := retrieveCredentials(ctx.Request().GetHeader(headerName))
if err != nil {
headerName = "Authorization"
givenUserName, givenPassword, err = retrieveCredentials(ctx.Request().GetHeader(headerName))
if err != nil {
//解析认证信息失败
ctx.SetStatus(403, "403")
ctx.SetBody([]byte(err.Error()))
return false, err
}
}
for _, node := range p.conf {
if givenUserName == node.UserName && givenPassword == node.Password {
if node.HideCredential {
ctx.Proxy().DelHeader(headerName)
}
return true, nil
}
}
//认证失败
ctx.SetStatus(403, "403")
ctx.SetBody([]byte("[basic_auth] Invalid basic authentication"))
return false, nil
}
// 获取basicAuth认证信息
func retrieveCredentials(authInfo string) (string, string, error) {
if authInfo != "" {
const basic = "basic"
l := len(basic)
if len(authInfo) > l+1 && strings.ToLower(authInfo[:l]) == basic {
b, err := base64.StdEncoding.DecodeString(authInfo[l+1:])
if err != nil {
return "", "", err
}
cred := string(b)
for i := 0; i < len(cred); i++ {
if cred[i] == ':' {
return cred[:i], cred[i+1:], nil
}
}
return "", "", errors.New("[basic_auth] header has unrecognized format")
} else {
return "", "", errors.New("[basic_auth] header has unrecognized format")
}
} else {
return "", "", errors.New("[basic_auth] authorization required")
}
}