Merge pull request #299 from vania-pooh/master

Ability to use root token as authentication measure (fixes #298)
aerokube · Dec 4, 2019 · 3a6bcde · 3a6bcde
2 parents 16fe0b3 + b23891c
commit 3a6bcde
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 0 deletions.
diff --git a/main.go b/main.go
@@ -24,6 +24,7 @@ var (
 	gracefulPeriod     time.Duration
 	guestAccessAllowed bool
 	guestUserName      string
+	rootToken          string
 	verbose            bool
 
 	startTime      = time.Now()
@@ -90,6 +91,7 @@ func init() {
 	flag.StringVar(&users, "users", ".htpasswd", "htpasswd auth file path")
 	flag.DurationVar(&timeout, "timeout", 300*time.Second, "session creation timeout in time.Duration format, e.g. 300s or 500ms")
 	flag.DurationVar(&gracefulPeriod, "graceful-period", 300*time.Second, "graceful shutdown period in time.Duration format, e.g. 300s or 500ms")
+	flag.StringVar(&rootToken, "root-token", "", "Root token value")
 	flag.BoolVar(&version, "version", false, "show version and exit")
 	flag.BoolVar(&verbose, "verbose", false, "enable verbose mode")
 	flag.Parse()

diff --git a/proxy.go b/proxy.go
@@ -597,6 +597,12 @@ func requireBasicAuth(authenticator *auth.BasicAuth, handler func(http.ResponseW
 //WithSuitableAuthentication handles basic authentication and guest quota processing
 func WithSuitableAuthentication(authenticator *auth.BasicAuth, handler func(http.ResponseWriter, *http.Request)) func(http.ResponseWriter, *http.Request) {
 	return func(w http.ResponseWriter, r *http.Request) {
+		if rootToken != "" {
+			if rootToken == r.Header.Get("X-Ggr-Root-Token") {
+				handler(w, r)
+				return
+			}
+		}
 		if !guestAccessAllowed {
 			//All requests require authentication
 			requireBasicAuth(authenticator, handler)(w, r)

diff --git a/proxy_test.go b/proxy_test.go
@@ -348,6 +348,15 @@ func TestProxyVideoFileWithoutAuth(t *testing.T) {
 	AssertThat(t, rsp, Code{http.StatusUnauthorized})
 }
 
+func TestProxyVideoFileIncorrectRootToken(t *testing.T) {
+	req, _ := http.NewRequest(http.MethodGet, gridrouter("/video/123"), nil)
+	req.Header.Add("X-Ggr-Root-Token", "wrong-token")
+	rsp, err := http.DefaultClient.Do(req)
+
+	AssertThat(t, err, Is{nil})
+	AssertThat(t, rsp, Code{http.StatusUnauthorized})
+}
+
 func TestProxyVideoFile(t *testing.T) {
 
 	test.Lock()
@@ -360,6 +369,16 @@ func TestProxyVideoFile(t *testing.T) {
 	AssertThat(t, err, Is{nil})
 	AssertThat(t, rsp, Code{http.StatusOK})
 
+	rootToken = "correct-token"
+	defer func() {
+		rootToken = ""
+	}()
+	req, _ := http.NewRequest(http.MethodGet, gridrouter(fmt.Sprintf("/video/%s", sessionID)), nil)
+	req.Header.Add("X-Ggr-Root-Token", "correct-token")
+	rsp, err = http.DefaultClient.Do(req)
+	AssertThat(t, err, Is{nil})
+	AssertThat(t, rsp, Code{http.StatusOK})
+
 	rsp, err = doBasicHTTPRequest(http.MethodGet, gridrouter("/video/missing-file"), nil)
 	AssertThat(t, err, Is{nil})
 	AssertThat(t, rsp, Code{http.StatusNotFound})