Added subdomain check to auth middleware

Joona Hoikkala
2016-11-21 12:19:05 +02:00
parent 8d21f32d1e
commit c2e19cc6da

13
api.go

@ -22,14 +22,21 @@ func PostHandlerMap() map[string]func(*iris.Context) {
func (a AuthMiddleware) Serve(ctx *iris.Context) { func (a AuthMiddleware) Serve(ctx *iris.Context) {
usernameStr := ctx.RequestHeader("X-Api-User") usernameStr := ctx.RequestHeader("X-Api-User")
password := ctx.RequestHeader("X-Api-Key") password := ctx.RequestHeader("X-Api-Key")
postData := ACMETxt{}
username, err := GetValidUsername(usernameStr) username, err := GetValidUsername(usernameStr)
if err == nil && ValidKey(password) { if err == nil && ValidKey(password) {
au, err := DB.GetByUsername(username) au, err := DB.GetByUsername(username)
if err == nil && CorrectPassword(password, au.Password) { if err == nil && CorrectPassword(password, au.Password) {
log.Debugf("Accepted authentication from [%s]", usernameStr) // Password ok
ctx.Next() if err := ctx.ReadJSON(&postData); err != nil {
return // Check that the subdomain belongs to the user
if au.Subdomain == postData.Subdomain {
log.Debugf("Accepted authentication from [%s]", usernameStr)
ctx.Next()
return
}
}
} }
// To protect against timed side channel (never gonna give you up) // To protect against timed side channel (never gonna give you up)
CorrectPassword(password, "$2a$10$8JEFVNYYhLoBysjAxe2yBuXrkDojBQBkVpXEQgyQyjn43SvJ4vL36") CorrectPassword(password, "$2a$10$8JEFVNYYhLoBysjAxe2yBuXrkDojBQBkVpXEQgyQyjn43SvJ4vL36")