https://docs.aws.amazon.com/zh_cn/STS/latest/APIReference/API_GetFederationToken.html
(w http.ResponseWriter, r *http.Request)
| 27 | |
| 28 | // https://docs.aws.amazon.com/zh_cn/STS/latest/APIReference/API_GetFederationToken.html |
| 29 | func (o *ObjectNode) getFederationTokenHandler(w http.ResponseWriter, r *http.Request) { |
| 30 | var ( |
| 31 | err error |
| 32 | erc *ErrorCode |
| 33 | ) |
| 34 | defer func() { |
| 35 | o.errorResponse(w, r, err, erc) |
| 36 | }() |
| 37 | // request param check |
| 38 | if token := r.Header.Get(XAmzSecurityToken); token != "" { |
| 39 | erc = AccessDeniedBySTS |
| 40 | return |
| 41 | } |
| 42 | if action := r.PostFormValue(stsActionKey); action != stsActionValue { |
| 43 | log.LogErrorf("getFederationTokenHandler: sts action invalid: requestID(%v) action(%v)", |
| 44 | GetRequestID(r), action) |
| 45 | erc = InvalidArgument |
| 46 | return |
| 47 | } |
| 48 | name := r.PostFormValue(stsNameKey) |
| 49 | matched, _ := regexp.MatchString(`^[\w+=,.@-]*$`, name) |
| 50 | if len(name) < 2 || len(name) > 32 || !matched { |
| 51 | log.LogErrorf("getFederationTokenHandler: sts name invalid: requestID(%v) name(%v) err(%v)", |
| 52 | GetRequestID(r), name, err) |
| 53 | erc = InvalidArgument |
| 54 | return |
| 55 | } |
| 56 | policy := r.PostFormValue(stsPolicyKey) |
| 57 | if _, err = ParsePolicyV2Config(policy); err != nil { |
| 58 | log.LogErrorf("getFederationTokenHandler: sts policy invalid: requestID(%v) policy(%v) err(%v)", |
| 59 | GetRequestID(r), policy, err) |
| 60 | erc = &ErrorCode{ |
| 61 | ErrorCode: "MalformedPolicyDocument", |
| 62 | ErrorMessage: fmt.Sprintf("The policy document was malformed: %v.", err.Error()), |
| 63 | StatusCode: http.StatusBadRequest, |
| 64 | } |
| 65 | return |
| 66 | } |
| 67 | seconds := r.PostFormValue(stsDurationSecondsKey) |
| 68 | durationSeconds, _ := strconv.ParseInt(seconds, 10, 64) |
| 69 | if durationSeconds < 900 || durationSeconds > 129600 { |
| 70 | durationSeconds = 43200 |
| 71 | } |
| 72 | param := ParseRequestParam(r) |
| 73 | user, err := o.getUserInfoByAccessKeyV2(param.AccessKey()) |
| 74 | if err != nil { |
| 75 | log.LogErrorf("getFederationTokenHandler: get user info fail: requestID(%v) accessKey(%v) err(%v)", |
| 76 | GetRequestID(r), param.AccessKey(), err) |
| 77 | return |
| 78 | } |
| 79 | // federated ak/sk generation |
| 80 | now := time.Now().UTC() |
| 81 | expireUnixStr := fmt.Sprint(now.Unix() + durationSeconds) |
| 82 | fedAk := stsAkPrefix + util.RandomString(13, util.Numeric|util.LowerLetter|util.UpperLetter) |
| 83 | fedSk := util.RandomString(32, util.Numeric|util.LowerLetter|util.UpperLetter) |
| 84 | sessionToken, err := EncodeFedSessionToken(user.AccessKey, user.SecretKey, fedAk, fedSk, name, policy, expireUnixStr) |
| 85 | if err != nil { |
| 86 | log.LogErrorf("getFederationTokenHandler: encode session token fail: requestID(%v) err(%v)", |