Diffstat (limited to 'src/http_auth.erl')
-rw-r--r-- | src/http_auth.erl | 63 |
1 files changed, 44 insertions, 19 deletions
diff --git a/src/http_auth.erl b/src/http_auth.erl
index 6a076fa..5ff716c 100644
--- a/src/http_auth.erl
+++ b/src/http_auth.erl
@@ -35,15 +35,23 @@ read_key_table() ->
 KeyName ++ ".pem"),
 true = ets:insert(?KEY_TABLE, {KeyName, Key})
 end, sets:to_list(Keys)),
- {_OwnKeyName, OwnKeyFile} = application:get_env(plop, own_key, none),
- OwnKey = sign:read_keyfile_ec(OwnKeyFile),
- true = ets:insert(?KEY_TABLE, {own_key, OwnKey}).
+ case application:get_env(plop, own_key, none) of
+ {_OwnKeyName, OwnKeyFile} ->
+ OwnKey = sign:read_keyfile_ec(OwnKeyFile),
+ true = ets:insert(?KEY_TABLE, {own_key, OwnKey});
+ none ->
+ none
+ end.
 own_key() ->
- {KeyName, _KeyFile} = application:get_env(plop, own_key, none),
- [{_, Key}] = ets:lookup(?KEY_TABLE, own_key),
- {Key, KeyName}.
+ case application:get_env(plop, own_key, none) of
+ {KeyName, _KeyFile} ->
+ [{_, Key}] = ets:lookup(?KEY_TABLE, own_key),
+ {Key, KeyName};
+ none ->
+ none
+ end.
 lookup_publickey(nokey) ->
 nokey;
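Review bot: A node with no `own_key` entry now starts cleanly and nothing records that it will not sign: the `none -> none` branch at the end of read_key_table/0 is silent, and create_auth/3 in the last hunk then returns `""`. Whether callers omit the header or send it empty is not visible here, but either way a missing or mistyped `own_key` setting would lead to unauthenticated outgoing requests with no trace in the logs. I would log once in that branch, e.g. `lager:warning("own_key not configured; outgoing requests will not be signed", [])`, and add a `-spec` to own_key/0 that documents the `none` return so callers handle both shapes. read_key_table/0 begins above this hunk.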
@@ -97,24 +105,37 @@ check_acl(Method, KeyName, Path) ->
 failure
 end.
+get_authheader_keyname(AuthHeader) ->
+ case string:tokens(AuthHeader, ";") of
+ [AuthTokenBase64 | OptionsRaw] ->
+ AuthToken = base64:decode(AuthTokenBase64),
+ Options = [parse_option(E) || E <- OptionsRaw],
+ case lists:keyfind("key", 1, Options) of
+ {_, Value} ->
+ {Value, AuthToken};
+ false ->
+ {nokey, <<>>}
+ end;
+ _ ->
+ {nokey, <<>>}
+ end.
+
+
 verify_auth(undefined, Method, Path, _Data) ->
 case check_acl(Method, noauth, Path) of
 success ->
 noauth;
 Error ->
- lager:info("anonymous access not allowed for path ~p", [Path]),
+ case Method of
+ "REPLY" ->
+ lager:info("anonymous replies not allowed for path ~p", [Path]);
+ _ ->
+ lager:info("anonymous access not allowed for path ~p", [Path])
+ end,
 Error
 end;
 verify_auth(AuthHeader, Method, Path, Data) ->
- [AuthTokenBase64 | OptionsRaw] = string:tokens(AuthHeader, ";"),
- AuthToken = base64:decode(AuthTokenBase64),
- Options = [parse_option(E) || E <- OptionsRaw],
- KeyName = case lists:keyfind("key", 1, Options) of
- {_, Value} ->
- Value;
- false ->
- nokey
- end,
+ {KeyName, AuthToken} = get_authheader_keyname(AuthHeader),
 AuthSuccess = case lookup_publickey(KeyName) of
 nokey ->
 false;
@@ -133,6 +154,10 @@ verify_auth(AuthHeader, Method, Path, Data) ->
 end.
 create_auth(Method, Path, Data) ->
- {Key, KeyName} = own_key(),
- AuthToken = sign(Key, Method, Path, Data),
- base64:encode_to_string(AuthToken) ++ ";key=" ++ KeyName.
+ case own_key() of
+ {Key, KeyName} ->
+ AuthToken = sign(Key, Method, Path, Data),
+ base64:encode_to_string(AuthToken) ++ ";key=" ++ KeyName;
+ none ->
+ ""
+ end.
|
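Review bot: `base64:decode(AuthTokenBase64)` in get_authheader_keyname/1 still raises on a header whose first token is not valid base64, so the new `{nokey, <<>>}` fallback covers an empty header but not a malformed one. The header is supplied by the remote caller, so a malformed value should end as a failed authentication rather than an exception in the request path; how the handler treats that crash is outside this hunk. Wrapping only the decode in `try ... of ... catch` and returning `{nokey, <<>>}` on error sends it down the existing `nokey -> false` branch in verify_auth/4, as sketched below.

```erlang
get_authheader_keyname(AuthHeader) ->
    case string:tokens(AuthHeader, ";") of
        [AuthTokenBase64 | OptionsRaw] ->
            %% The header is untrusted input: undecodable base64 is
            %% treated the same as a missing key, not as a crash.
            try base64:decode(AuthTokenBase64) of
                AuthToken ->
                    %% … unchanged: option parsing and "key" lookup …
            catch
                error:_ ->
                    {nokey, <<>>}
            end;
        %% … unchanged: fallback clause for an empty header …
    end.
```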