(w http.ResponseWriter, r *http.Request)
| 177 | } |
| 178 | |
| 179 | func (m *Server) apiAccessEntry(w http.ResponseWriter, r *http.Request) { |
| 180 | var ( |
| 181 | plaintext []byte |
| 182 | err error |
| 183 | jobj proto.AuthAPIAccessReq |
| 184 | ticket cryptoutil.Ticket |
| 185 | ts int64 |
| 186 | newKeyInfo *keystore.KeyInfo |
| 187 | message string |
| 188 | ) |
| 189 | |
| 190 | if plaintext, err = m.extractClientReqInfo(r); err != nil { |
| 191 | sendErrReply(w, r, &proto.HTTPAuthReply{Code: proto.ErrCodeParamError, Msg: err.Error()}) |
| 192 | return |
| 193 | } |
| 194 | |
| 195 | if err = json.Unmarshal([]byte(plaintext), &jobj); err != nil { |
| 196 | sendErrReply(w, r, &proto.HTTPAuthReply{Code: proto.ErrCodeParamError, Msg: "Unmarshal AuthAPIAccessReq failed: " + err.Error()}) |
| 197 | return |
| 198 | } |
| 199 | |
| 200 | apiReq := jobj.APIReq |
| 201 | keyInfo := jobj.KeyInfo |
| 202 | |
| 203 | if err = keyInfo.IsValidID(); err != nil { |
| 204 | sendErrReply(w, r, &proto.HTTPAuthReply{Code: proto.ErrCodeParamError, Msg: err.Error()}) |
| 205 | return |
| 206 | } |
| 207 | |
| 208 | switch apiReq.Type { |
| 209 | case proto.MsgAuthCreateKeyReq: |
| 210 | if keyInfo.ID == proto.AuthServiceID { |
| 211 | sendErrReply(w, r, &proto.HTTPAuthReply{Code: proto.ErrCodeParamError, Msg: "AuthServiceID is reserved"}) |
| 212 | return |
| 213 | } |
| 214 | if err = keyInfo.IsValidKeyInfo(); err != nil { |
| 215 | sendErrReply(w, r, &proto.HTTPAuthReply{Code: proto.ErrCodeParamError, Msg: err.Error()}) |
| 216 | return |
| 217 | } |
| 218 | case proto.MsgAuthDeleteKeyReq: |
| 219 | case proto.MsgAuthGetKeyReq: |
| 220 | case proto.MsgAuthAddCapsReq: |
| 221 | fallthrough |
| 222 | case proto.MsgAuthDeleteCapsReq: |
| 223 | if err = keyInfo.IsValidCaps(); err != nil { |
| 224 | sendErrReply(w, r, &proto.HTTPAuthReply{Code: proto.ErrCodeParamError, Msg: err.Error()}) |
| 225 | return |
| 226 | } |
| 227 | case proto.MsgAuthGetCapsReq: |
| 228 | default: |
| 229 | sendErrReply(w, r, &proto.HTTPAuthReply{Code: proto.ErrCodeParamError, Msg: fmt.Errorf("invalid request messge type %x", int32(apiReq.Type)).Error()}) |
| 230 | return |
| 231 | } |
| 232 | |
| 233 | if err = proto.VerifyAPIAccessReqIDs(&apiReq); err != nil { |
| 234 | sendErrReply(w, r, &proto.HTTPAuthReply{Code: proto.ErrCodeParamError, Msg: "VerifyAPIAccessReqIDs failed: " + err.Error()}) |
| 235 | return |
| 236 | } |
no test coverage detected