api: More cleanups at WebAPI.

- Fixes a bug where bucketName was not denormalized.
- Remove unneeded functions from jwt.go
This commit is contained in:
Harshavardhana
2016-01-25 17:29:20 -08:00
parent f1ea609175
commit ae2f15c6d0
6 changed files with 117 additions and 61 deletions
+19 -2
View File
@@ -1,3 +1,19 @@
/*
* Minio Cloud Storage, (C) 2016 Minio, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package main
import (
@@ -12,7 +28,7 @@ type authHandler struct {
}
// AuthHandler -
// Verify if authorization header has signature version '2', reject it cleanly.
// Verify if authorization header is of form JWT, reject it otherwise.
func AuthHandler(h http.Handler) http.Handler {
return authHandler{h}
}
@@ -20,11 +36,12 @@ func AuthHandler(h http.Handler) http.Handler {
// Ignore request if authorization header is not valid.
func (h authHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
// Let the top level caller handle if the requests should be
// allowed.
// allowed, if there are no Authorization headers.
if r.Header.Get("Authorization") == "" {
h.handler.ServeHTTP(w, r)
return
}
// Validate Authorization header to be valid.
jwt := InitJWT()
token, err := jwtgo.ParseFromRequest(r, func(token *jwtgo.Token) (interface{}, error) {
if _, ok := token.Method.(*jwtgo.SigningMethodRSA); !ok {