Added authentication

1 files changed, 38 insertions, 6 deletions

diff --git a/src/plop.erl b/src/plop.erl
index f90d287..cfca343 100644
--- a/src/plop.erl
+++ b/src/plop.erl
@@ -194,6 +194,16 @@ storage_nodes_quorum() ->
     {ok, Value} = application:get_env(plop, storage_nodes_quorum),
     Value.
 
+add_auth(Method, Path, Headers, Data) ->
+    AuthHeader = http_auth:create_auth(Method, Path, Data),
+    lager:debug("sent auth header: ~p", [AuthHeader]),
+    [{"X-Catlfish-Auth", AuthHeader} | Headers].
+
+get_auth_header(Headers) ->
+    Result = binary_to_list(hackney_headers:get_value("X-Catlfish-Auth", Headers)),
+    lager:debug("received auth header: ~p", [Result]),
+    Result.
+
 send_http_request(TreeLeafHash, URL, Headers, RequestBody) ->
     ParentPid = self(),
     RequestId = make_ref(),
@@ -202,17 +212,39 @@ send_http_request(TreeLeafHash, URL, Headers, RequestBody) ->
                   Starttime = os:timestamp(),
                   ParsedURL = hackney_url:parse_url(URL),
                   #hackney_url{path = Path} = ParsedURL,
-                  lager:debug("leafhash ~s: sending http request to ~p", [mochihex:to_hex(TreeLeafHash), URL]),
+                  lager:debug("leafhash ~s: sending http request to ~p",
+                              [mochihex:to_hex(TreeLeafHash), URL]),
                   {ok, ConnRef} = hackney:connect(ParsedURL, [{ssl_options, [{cacertfile, CACertFile}]}]),
-                  lager:debug("leafhash ~s: connected to ~p", [mochihex:to_hex(TreeLeafHash), URL]),
-                  {ok, StatusCode, RespHeaders, ClientRef} = hackney:send_request(ConnRef, {post, Path, Headers, RequestBody}),
-                  lager:debug("leafhash ~s: received headers for ~p", [mochihex:to_hex(TreeLeafHash), URL]),
+                  lager:debug("leafhash ~s: connected to ~p",
+                              [mochihex:to_hex(TreeLeafHash), URL]),
+                  {ok, StatusCode, RespHeaders, ClientRef} =
+                      hackney:send_request(ConnRef,
+                                           {post, Path,
+                                            add_auth("POST", Path, Headers,
+                                                     RequestBody),
+                                            RequestBody}),
+                  lager:debug("leafhash ~s: received headers for ~p: ~p",
+                              [mochihex:to_hex(TreeLeafHash), URL, RespHeaders]),
                   {ok, Body} = hackney:body(ClientRef),
                   Stoptime = os:timestamp(),
                   hackney:close(ClientRef),
-                  lager:debug("leafhash ~s: received body for ~p: time ~p", [mochihex:to_hex(TreeLeafHash), URL, timer:now_diff(Stoptime, Starttime)]),
+                  lager:debug("leafhash ~s: received body for ~p: time ~p",
+                              [mochihex:to_hex(TreeLeafHash), URL, timer:now_diff(Stoptime, Starttime)]),
                   StatusLine = {none, StatusCode, none},
-                  ParentPid ! {http, {RequestId, {StatusLine, RespHeaders, Body}}}
+                  AuthHeader = get_auth_header(hackney_headers:new(RespHeaders)),
+                  case http_auth:verify_auth(AuthHeader, "REPLY",
+                                             binary_to_list(Path), Body) of
+                      failure ->
+                          lager:debug("auth check failed"),
+                          drop;
+                      success ->
+                          lager:debug("auth check succeeded"),
+                          ParentPid ! {http, {RequestId,
+                                              {StatusLine, RespHeaders, Body}}};
+                      noauth ->
+                          lager:debug("no auth"),
+                          drop
+                  end
           end),
     RequestId.