Merge pull request #372 from taosdata/3.0
merge 3.0 to main
huskar-t authored Dec 25, 2024
2 parents 42de6d8 + e4709e8 commit a67cb72
Showing 5 changed files with 20 additions and 83 deletions.
4 changes: 2 additions & 2 deletions controller/rest/auth.go
@@ -113,7 +113,7 @@ func CheckAuth(c *gin.Context) {
c.Set(PasswordKey, info.Password)
return
}
if strings.HasPrefix(auth, "Basic") {
if strings.HasPrefix(auth, "Basic") && len(auth) > 6 {
user, password, err := tools.DecodeBasic(auth[6:])
if err != nil {
UnAuthResponse(c, logger, httperror.HTTP_INVALID_BASIC_AUTH)
@@ -129,7 +129,7 @@ func CheckAuth(c *gin.Context) {
})
c.Set(UserKey, user)
c.Set(PasswordKey, password)
} else if strings.HasPrefix(auth, "Taosd") {
} else if strings.HasPrefix(auth, "Taosd") && len(auth) > 6 {
user, password, err := DecodeDes(auth[6:])
if err != nil {
UnAuthResponse(c, logger, httperror.HTTP_INVALID_TAOSD_AUTH)
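Review bot: The new guard `strings.HasPrefix(auth, "Basic") && len(auth) > 6` stops the out-of-range slice on a bare `Basic` header, but it never checks that the byte at index 5 is the separator, so any header that starts with `Basic` plus one arbitrary byte is accepted and `auth[6:]` is decoded. Matching the scheme together with its space, `strings.HasPrefix(auth, "Basic ")`, keeps `auth[6:]` in range and makes the length test unnecessary. The `Taosd` branch here and the same condition in plugin/auth.go and plugin/influxdb/plugin.go have the same shape. A header that now fails both conditions falls through to code outside this hunk, so it is worth confirming that path answers 401 rather than continuing without `UserKey` set.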
80 changes: 3 additions & 77 deletions plugin/auth.go
@@ -1,7 +1,6 @@
package plugin

import (
"encoding/base64"
"errors"
"net/http"
"strings"
@@ -41,62 +40,13 @@ func Auth(errHandler func(c *gin.Context, code int, err error)) func(c *gin.Cont
c.Set(PasswordKey, info.Password)
return
}
if strings.HasPrefix(auth, "Basic") {
b, err := base64.StdEncoding.DecodeString(auth[6:])
if strings.HasPrefix(auth, "Basic") && len(auth) > 6 {
user, password, err := tools.DecodeBasic(auth[6:])
if err != nil {
errHandler(c, http.StatusUnauthorized, err)
c.Abort()
return
}
var user, password string
sl := strings.Split(string(b), ":")

if len(sl) == 2 {
user = sl[0]
password = sl[1]
} else if len(sl) == 3 {
if sl[2] == "a" {
encodeData, err := base64.StdEncoding.DecodeString(sl[0])
if err != nil {
errHandler(c, http.StatusUnauthorized, err)
c.Abort()
return
}
key, err := base64.StdEncoding.DecodeString(sl[1])
if err != nil {
errHandler(c, http.StatusUnauthorized, err)
c.Abort()
return
}
if len(key) != 16 {
errHandler(c, http.StatusUnauthorized, errors.New("parse error"))
c.Abort()
return
}
authBytes, err := tools.AesDecrypt(encodeData, key)
if err != nil {
errHandler(c, http.StatusUnauthorized, err)
c.Abort()
return
}
a := strings.Split(string(authBytes), ":")
if len(a) != 2 {
errHandler(c, http.StatusUnauthorized, errors.New("parse error"))
c.Abort()
return
}
user = a[0]
password = a[1]
} else {
errHandler(c, http.StatusUnauthorized, errors.New("unknown auth type"))
c.Abort()
return
}
} else {
errHandler(c, http.StatusUnauthorized, errors.New("parse error"))
c.Abort()
return
}
authCache.SetDefault(auth, &authInfo{
User: user,
Password: password,
@@ -121,31 +71,7 @@ func RegisterGenerateAuth(r gin.IRouter) {
b.WriteString(user)
b.WriteByte(':')
b.WriteString(password)
keyBytes := make([]byte, 16)
maxLen := len(key)
if maxLen > 16 {
maxLen = 16
}
for i := 0; i < maxLen; i++ {
keyBytes[i] = key[i]
}
d, err := tools.AesEncrypt(b.Bytes(), keyBytes)
if err != nil {
c.AbortWithStatus(http.StatusBadRequest)
return
}
l1 := make([]byte, base64.StdEncoding.EncodedLen(len(d)))
base64.StdEncoding.Encode(l1, d)
l2 := make([]byte, base64.StdEncoding.EncodedLen(len(keyBytes)))
base64.StdEncoding.Encode(l2, keyBytes)
buf := pool.BytesPoolGet()
buf.Write(l1)
buf.WriteByte(':')
buf.Write(l2)
buf.WriteByte(':')
buf.WriteString("a")
c.String(http.StatusOK, buf.String())
pool.BytesPoolPut(buf)
c.String(http.StatusOK, b.String())
})
}

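Review bot: In RegisterGenerateAuth the handler now ends with `c.String(http.StatusOK, b.String())`, and the only visible writes to `b` are `user`, `':'` and `password`, so the endpoint appears to echo the credentials verbatim instead of returning a token. That value is not base64, so `tools.DecodeBasic` in the `Basic` branch of Auth would reject it. If the route is still needed, consider returning the Basic form, e.g. `c.String(http.StatusOK, base64.StdEncoding.EncodeToString(b.Bytes()))` (keeping the `encoding/base64` import), and otherwise removing the route. Clients still sending a token in the old `…:a` format are no longer decrypted; with the shared decoder they would presumably be parsed as an ordinary user/password pair and fail later, which deserves a release note. The handler starts outside the hunk, so what else is written to `b` and whether `key` is still used cannot be confirmed from here.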
2 changes: 1 addition & 1 deletion plugin/influxdb/plugin.go
@@ -239,7 +239,7 @@ func getAuth(c *gin.Context) {
auth := c.GetHeader("Authorization")
if len(auth) != 0 {
auth = strings.TrimSpace(auth)
if strings.HasPrefix(auth, "Basic") {
if strings.HasPrefix(auth, "Basic") && len(auth) > 6 {
user, password, err := tools.DecodeBasic(auth[6:])
if err == nil {
c.Set(plugin.UserKey, user)
2 changes: 1 addition & 1 deletion tools/basic.go
@@ -11,7 +11,7 @@ func DecodeBasic(auth string) (user, password string, err error) {
if err != nil {
return "", "", err
}
sl := strings.Split(string(b), ":")
sl := strings.SplitN(string(b), ":", 2)
if len(sl) != 2 {
return "", "", errors.New("wrong basic auth")
}
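Review bot: The call `strings.SplitN(string(b), ":", 2)` has no comment saying why the split stops at the first colon, so a later reader may simplify it back to a plain split. A one-line comment above it would do: `// Split on the first ':' only: a password may contain colons, a user name may not (RFC 7617).` With two parts requested, the `len(sl) != 2` check only catches input with no colon at all, so an empty user or password is passed through to the caller; if those should be refused, this is the place to do it. DecodeBasic starts and ends outside the hunk.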
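--- a/tools/basic_test.go
+++ b/tools/basic_test.go
@@ -34,15 +34,17 @@ func TestDecodeBasic(t *testing.T) {
 wantUser: "root",
 wantPassword: "taosdata",
 wantErr: false,
-}, {
+},
+{
 name: "wrong base64",
 args: args{
 auth: "wrong base64",
 },
 wantUser: "",
 wantPassword: "",
 wantErr: true,
-}, {
+},
+{
 name: "wrong split",
 args: args{
 auth: "cm9vdHRhb3NkYXRh",
@@ -51,6 +53,15 @@ func TestDecodeBasic(t *testing.T) {
 wantPassword: "",
 wantErr: true,
 },
+{
+name: "special char",
+args: args{
+auth: "dGVzdDoxIXFAIyQlXiYqKCktXys9W117fTo7Pjw/fH4sLg==",
+},
+wantUser: "test",
+wantPassword: "1!q@#$%^&*()-_+=[]{}:;><?|~,.",
+wantErr: false,
+},
 }
 for _, tt := range tests {
 t.Run(tt.name, func(t *testing.T) {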
