

Golang GUIConfiguration.IsValidAPIKey方法代码示例

本文整理汇总了Golang中github.com/syncthing/syncthing/lib/config.GUIConfiguration.IsValidAPIKey方法的典型用法代码示例。如果您正苦于以下问题:Golang GUIConfiguration.IsValidAPIKey方法的具体用法?Golang GUIConfiguration.IsValidAPIKey怎么用?Golang GUIConfiguration.IsValidAPIKey使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在github.com/syncthing/syncthing/lib/config.GUIConfiguration的用法示例。


在下文中一共展示了GUIConfiguration.IsValidAPIKey方法的5个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Golang代码示例。

示例1: csrfMiddleware

// csrfMiddleware wraps next so that requests for paths under prefix must
// carry a valid CSRF token in the "X-CSRF-Token-<unique>" header; requests
// that fail the check are answered with 403. Requests for any other path are
// passed through, and are handed a fresh "CSRF-Token-<unique>" cookie when
// they do not already present a valid one. A request with a valid X-API-Key
// header skips all of this.
//
// Security notes for reviewers:
//   - The token is accepted only from the request header, never from the
//     cookie, on the protected prefix.
//   - The cookie is issued with only Name and Value set; Path, Secure and
//     the other attributes stay at their zero values. Presumably the GUI
//     script reads the cookie to echo it back in the header, which would
//     rule out HttpOnly -- confirm before tightening.
//   - Whatever prefix the caller passes defines the whole protected surface;
//     anything outside it receives no CSRF check here.
func csrfMiddleware(unique string, prefix string, cfg config.GUIConfiguration, next http.Handler) http.Handler {
	loadCsrfTokens()

	cookieName := "CSRF-Token-" + unique
	headerName := "X-CSRF-Token-" + unique

	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// API key holders are trusted and bypass the CSRF machinery.
		if apiKey := r.Header.Get("X-API-Key"); cfg.IsValidAPIKey(apiKey) {
			next.ServeHTTP(w, r)
			return
		}

		// Protected path: the header token decides.
		if strings.HasPrefix(r.URL.Path, prefix) {
			if validCsrfToken(r.Header.Get(headerName)) {
				next.ServeHTTP(w, r)
				return
			}
			http.Error(w, "CSRF Error", http.StatusForbidden)
			return
		}

		// Unprotected path: make sure the client ends up holding a valid
		// token cookie. The token is validated only when a cookie was sent.
		haveValid := false
		if c, err := r.Cookie(cookieName); err == nil {
			haveValid = validCsrfToken(c.Value)
		}
		if !haveValid {
			httpl.Debugln("new CSRF cookie in response to request for", r.URL)
			http.SetCookie(w, &http.Cookie{
				Name:  cookieName,
				Value: newCsrfToken(),
			})
		}
		next.ServeHTTP(w, r)
	})
}
开发者ID:carriercomm,项目名称:syncthing,代码行数:38,代码来源:gui_csrf.go

示例2: csrfMiddleware

// csrfMiddleware wraps next so that non-GET requests for paths under prefix
// must carry a valid CSRF token in the "X-CSRF-Token-<unique>" header;
// requests that fail the check are answered with 403. Requests for any other
// path are passed through and receive a fresh "CSRF-Token-<unique>" cookie
// when they do not already present a valid one. A request with a valid
// X-API-Key header skips all of this.
//
// Security notes for reviewers:
//   - GET requests under prefix are never rejected. The protection therefore
//     holds only if no GET handler behind next changes state; that property
//     is not visible from this function and should be verified against the
//     route table.
//   - The cookie is issued with only Name and Value set; Path, Secure and
//     the other attributes stay at their zero values.
func csrfMiddleware(unique string, prefix string, cfg config.GUIConfiguration, next http.Handler) http.Handler {
	loadCsrfTokens()

	cookieName := "CSRF-Token-" + unique
	headerName := "X-CSRF-Token-" + unique

	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// API key holders are trusted and bypass the CSRF machinery.
		if apiKey := r.Header.Get("X-API-Key"); cfg.IsValidAPIKey(apiKey) {
			next.ServeHTTP(w, r)
			return
		}

		// Outside the protected prefix: serve the request, issuing a token
		// cookie first if the client does not hold a valid one. The token is
		// validated only when a cookie was actually sent.
		if !strings.HasPrefix(r.URL.Path, prefix) {
			haveValid := false
			if c, err := r.Cookie(cookieName); err == nil {
				haveValid = validCsrfToken(c.Value)
			}
			if !haveValid {
				httpl.Debugln("new CSRF cookie in response to request for", r.URL)
				http.SetCookie(w, &http.Cookie{
					Name:  cookieName,
					Value: newCsrfToken(),
				})
			}
			next.ServeHTTP(w, r)
			return
		}

		switch {
		case r.Method == "GET":
			// GETs pass regardless of the token. When the cookie is present
			// it is still run through validCsrfToken, purely for its side
			// effect of keeping csrfTokens ordered by recent use; the result
			// is deliberately discarded.
			if c, err := r.Cookie(cookieName); err == nil {
				validCsrfToken(c.Value)
			}
			next.ServeHTTP(w, r)

		case validCsrfToken(r.Header.Get(headerName)):
			next.ServeHTTP(w, r)

		default:
			http.Error(w, "CSRF Error", http.StatusForbidden)
		}
	})
}
开发者ID:thermalpaste,项目名称:syncthing,代码行数:49,代码来源:gui_csrf.go

示例3: csrfMiddleware

// csrfMiddleware wraps next so that requests for paths under prefix must
// carry a valid CSRF token in the "X-CSRF-Token-<unique>" header; requests
// that fail the check are answered with 403. Requests for any other path are
// passed through and receive a fresh "CSRF-Token-<unique>" cookie when they
// do not already present a valid one.
//
// Two kinds of request skip the token check: those with a valid X-API-Key
// header, and those whose path begins with "/rest/debug".
//
// Security notes for reviewers:
//   - With a valid API key the response gets
//     "Access-Control-Allow-Origin: *", so any origin may read it. This is
//     gated on the key, but it means the key is the only barrier for
//     cross-origin callers.
//   - The "/rest/debug" exemption is a plain string-prefix test and does not
//     itself check that debugging is enabled; that has to be enforced by the
//     handlers behind next -- confirm. Any path that merely starts with
//     those characters is exempt as well.
//   - The cookie is issued with only Name and Value set; Path, Secure and
//     the other attributes stay at their zero values.
func csrfMiddleware(unique string, prefix string, cfg config.GUIConfiguration, next http.Handler) http.Handler {
	loadCsrfTokens()

	cookieName := "CSRF-Token-" + unique
	headerName := "X-CSRF-Token-" + unique

	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// API key holders are trusted; they also get the permissive CORS
		// header so that cross-origin clients can read the response.
		if apiKey := r.Header.Get("X-API-Key"); cfg.IsValidAPIKey(apiKey) {
			w.Header().Add("Access-Control-Allow-Origin", "*")
			next.ServeHTTP(w, r)
			return
		}

		path := r.URL.Path

		// Debug endpoints are reachable without a CSRF token. Whether they
		// are enabled at all is decided elsewhere.
		if strings.HasPrefix(path, "/rest/debug") {
			next.ServeHTTP(w, r)
			return
		}

		// Protected path: the header token decides.
		if strings.HasPrefix(path, prefix) {
			if validCsrfToken(r.Header.Get(headerName)) {
				next.ServeHTTP(w, r)
				return
			}
			http.Error(w, "CSRF Error", http.StatusForbidden)
			return
		}

		// Unprotected path: make sure the client ends up holding a valid
		// token cookie. The token is validated only when a cookie was sent.
		haveValid := false
		if c, err := r.Cookie(cookieName); err == nil {
			haveValid = validCsrfToken(c.Value)
		}
		if !haveValid {
			httpl.Debugln("new CSRF cookie in response to request for", r.URL)
			http.SetCookie(w, &http.Cookie{
				Name:  cookieName,
				Value: newCsrfToken(),
			})
		}
		next.ServeHTTP(w, r)
	})
}
开发者ID:kluppy,项目名称:syncthing,代码行数:48,代码来源:gui_csrf.go

示例4: basicAuthAndSessionMiddleware

// basicAuthAndSessionMiddleware wraps next with authentication. A request is
// let through when it carries a valid X-API-Key header, when its cookieName
// cookie names a known session, or when it supplies HTTP Basic credentials
// matching cfg.User and the bcrypt hash in cfg.Password. A successful Basic
// login creates a new session and sets the session cookie. Username and
// password are each tried as sent (assumed UTF-8) and then again after
// conversion from assumed ISO-8859-1. Every rejection is delayed by a random
// 100-199 ms and answered with 401 plus a WWW-Authenticate challenge.
//
// Security notes for reviewers:
//   - The username is compared with == and bcrypt runs only after it
//     matches, so the unknown-user and wrong-password paths do different
//     amounts of work. The random delay blurs but does not remove that
//     difference.
//   - The session cookie is set with Name, Value and MaxAge only; HttpOnly
//     and Secure stay false.
//   - Sessions are only ever added to the map here; no expiry or cap is
//     visible in this function -- confirm it is handled elsewhere.
//   - The session id comes from util.RandomString(32); confirm that helper
//     draws from a cryptographically secure source.
//   - emitLoginAttempt receives the client-supplied username unchanged;
//     consumers of that event should treat it as untrusted text.
//   - No attempt limiting is visible here beyond the per-failure delay.
func basicAuthAndSessionMiddleware(cookieName string, cfg config.GUIConfiguration, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// 1. API key.
		if apiKey := r.Header.Get("X-API-Key"); cfg.IsValidAPIKey(apiKey) {
			next.ServeHTTP(w, r)
			return
		}

		// 2. Existing session.
		if c, cerr := r.Cookie(cookieName); cerr == nil && c != nil {
			sessionsMut.Lock()
			_, known := sessions[c.Value]
			sessionsMut.Unlock()
			if known {
				next.ServeHTTP(w, r)
				return
			}
		}

		// 3. HTTP Basic credentials.
		httpl.Debugln("Sessionless HTTP request with authentication; this is expensive.")

		// deny delays, then challenges the client for credentials.
		deny := func() {
			delay := time.Duration(rand.Intn(100)+100) * time.Millisecond
			time.Sleep(delay)
			w.Header().Set("WWW-Authenticate", "Basic realm=\"Authorization Required\"")
			http.Error(w, "Not Authorized", http.StatusUnauthorized)
		}

		const scheme = "Basic "
		authz := r.Header.Get("Authorization")
		if !strings.HasPrefix(authz, scheme) {
			deny()
			return
		}

		decoded, err := base64.StdEncoding.DecodeString(authz[len(scheme):])
		if err != nil {
			deny()
			return
		}

		// "user:password"; only the first colon separates the two.
		parts := bytes.SplitN(decoded, []byte(":"), 2)
		if len(parts) != 2 {
			deny()
			return
		}

		// Username: try it as UTF-8 first, then as ISO-8859-1 converted to
		// UTF-8. The last interpretation tried is what gets reported.
		username := string(parts[0])
		if username != cfg.User {
			username = string(iso88591ToUTF8(parts[0]))
			if username != cfg.User {
				emitLoginAttempt(false, username)
				deny()
				return
			}
		}

		// Password: same two interpretations, each checked against the
		// stored bcrypt hash.
		hash := []byte(cfg.Password)
		password := parts[1]
		if bcrypt.CompareHashAndPassword(hash, password) != nil {
			password = iso88591ToUTF8(password)
			if bcrypt.CompareHashAndPassword(hash, password) != nil {
				emitLoginAttempt(false, username)
				deny()
				return
			}
		}

		// Credentials verified: open a session and hand out its cookie.
		sessionid := util.RandomString(32)
		sessionsMut.Lock()
		sessions[sessionid] = true
		sessionsMut.Unlock()
		http.SetCookie(w, &http.Cookie{
			Name:   cookieName,
			Value:  sessionid,
			MaxAge: 0,
		})

		emitLoginAttempt(true, username)
		next.ServeHTTP(w, r)
	})
}
开发者ID:yanghongkjxy,项目名称:syncthing,代码行数:95,代码来源:gui_auth.go

示例5: basicAuthAndSessionMiddleware

// basicAuthAndSessionMiddleware wraps next with authentication. A request is
// let through when it carries a valid X-API-Key header, when its cookieName
// cookie names a known session, or when it supplies HTTP Basic credentials
// matching cfg.User and the bcrypt hash in cfg.Password. A successful Basic
// login creates a new session and sets the session cookie. Every rejection
// is delayed by a random 100-199 ms and answered with 401 plus a
// WWW-Authenticate challenge.
//
// Security notes for reviewers:
//   - The username is compared with != and bcrypt runs only after it
//     matches, so the unknown-user and wrong-password paths do different
//     amounts of work. The random delay blurs but does not remove that
//     difference.
//   - The session cookie is set with Name, Value and MaxAge only; HttpOnly
//     and Secure stay false.
//   - Sessions are only ever added to the map here; no expiry or cap is
//     visible in this function -- confirm it is handled elsewhere.
//   - The session id comes from util.RandomString(32); confirm that helper
//     draws from a cryptographically secure source.
//   - emitLoginAttempt receives the client-supplied username unchanged;
//     consumers of that event should treat it as untrusted text.
//   - No attempt limiting is visible here beyond the per-failure delay.
func basicAuthAndSessionMiddleware(cookieName string, cfg config.GUIConfiguration, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// 1. API key.
		if apiKey := r.Header.Get("X-API-Key"); cfg.IsValidAPIKey(apiKey) {
			next.ServeHTTP(w, r)
			return
		}

		// 2. Existing session.
		if c, cerr := r.Cookie(cookieName); cerr == nil && c != nil {
			sessionsMut.Lock()
			_, known := sessions[c.Value]
			sessionsMut.Unlock()
			if known {
				next.ServeHTTP(w, r)
				return
			}
		}

		// 3. HTTP Basic credentials.
		httpl.Debugln("Sessionless HTTP request with authentication; this is expensive.")

		// deny delays, then challenges the client for credentials.
		deny := func() {
			delay := time.Duration(rand.Intn(100)+100) * time.Millisecond
			time.Sleep(delay)
			w.Header().Set("WWW-Authenticate", "Basic realm=\"Authorization Required\"")
			http.Error(w, "Not Authorized", http.StatusUnauthorized)
		}

		const scheme = "Basic "
		authz := r.Header.Get("Authorization")
		if !strings.HasPrefix(authz, scheme) {
			deny()
			return
		}

		decoded, err := base64.StdEncoding.DecodeString(authz[len(scheme):])
		if err != nil {
			deny()
			return
		}

		// "user:password"; only the first colon separates the two.
		parts := bytes.SplitN(decoded, []byte(":"), 2)
		if len(parts) != 2 {
			deny()
			return
		}

		username := string(parts[0])
		userOK := username == cfg.User
		// The hash comparison is attempted only for the configured user.
		if !userOK || bcrypt.CompareHashAndPassword([]byte(cfg.Password), parts[1]) != nil {
			emitLoginAttempt(false, username)
			deny()
			return
		}

		// Credentials verified: open a session and hand out its cookie.
		sessionid := util.RandomString(32)
		sessionsMut.Lock()
		sessions[sessionid] = true
		sessionsMut.Unlock()
		http.SetCookie(w, &http.Cookie{
			Name:   cookieName,
			Value:  sessionid,
			MaxAge: 0,
		})

		emitLoginAttempt(true, username)
		next.ServeHTTP(w, r)
	})
}
开发者ID:WeavingCode,项目名称:syncthing,代码行数:72,代码来源:gui_auth.go


注:本文中的github.com/syncthing/syncthing/lib/config.GUIConfiguration.IsValidAPIKey方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。