MCPcopy Index your code
hub / github.com/cubefs/cubefs / getFederationTokenHandler

Method getFederationTokenHandler

objectnode/sts_handler.go:29–114  ·  view source on GitHub ↗

https://docs.aws.amazon.com/zh_cn/STS/latest/APIReference/API_GetFederationToken.html

(w http.ResponseWriter, r *http.Request)

Source from the content-addressed store, hash-verified

27
28// https://docs.aws.amazon.com/zh_cn/STS/latest/APIReference/API_GetFederationToken.html
29func (o *ObjectNode) getFederationTokenHandler(w http.ResponseWriter, r *http.Request) {
30 var (
31 err error
32 erc *ErrorCode
33 )
34 defer func() {
35 o.errorResponse(w, r, err, erc)
36 }()
37 // request param check
38 if token := r.Header.Get(XAmzSecurityToken); token != "" {
39 erc = AccessDeniedBySTS
40 return
41 }
42 if action := r.PostFormValue(stsActionKey); action != stsActionValue {
43 log.LogErrorf("getFederationTokenHandler: sts action invalid: requestID(%v) action(%v)",
44 GetRequestID(r), action)
45 erc = InvalidArgument
46 return
47 }
48 name := r.PostFormValue(stsNameKey)
49 matched, _ := regexp.MatchString(`^[\w+=,.@-]*$`, name)
50 if len(name) < 2 || len(name) > 32 || !matched {
51 log.LogErrorf("getFederationTokenHandler: sts name invalid: requestID(%v) name(%v) err(%v)",
52 GetRequestID(r), name, err)
53 erc = InvalidArgument
54 return
55 }
56 policy := r.PostFormValue(stsPolicyKey)
57 if _, err = ParsePolicyV2Config(policy); err != nil {
58 log.LogErrorf("getFederationTokenHandler: sts policy invalid: requestID(%v) policy(%v) err(%v)",
59 GetRequestID(r), policy, err)
60 erc = &ErrorCode{
61 ErrorCode: "MalformedPolicyDocument",
62 ErrorMessage: fmt.Sprintf("The policy document was malformed: %v.", err.Error()),
63 StatusCode: http.StatusBadRequest,
64 }
65 return
66 }
67 seconds := r.PostFormValue(stsDurationSecondsKey)
68 durationSeconds, _ := strconv.ParseInt(seconds, 10, 64)
69 if durationSeconds < 900 || durationSeconds > 129600 {
70 durationSeconds = 43200
71 }
72 param := ParseRequestParam(r)
73 user, err := o.getUserInfoByAccessKeyV2(param.AccessKey())
74 if err != nil {
75 log.LogErrorf("getFederationTokenHandler: get user info fail: requestID(%v) accessKey(%v) err(%v)",
76 GetRequestID(r), param.AccessKey(), err)
77 return
78 }
79 // federated ak/sk generation
80 now := time.Now().UTC()
81 expireUnixStr := fmt.Sprint(now.Unix() + durationSeconds)
82 fedAk := stsAkPrefix + util.RandomString(13, util.Numeric|util.LowerLetter|util.UpperLetter)
83 fedSk := util.RandomString(32, util.Numeric|util.LowerLetter|util.UpperLetter)
84 sessionToken, err := EncodeFedSessionToken(user.AccessKey, user.SecretKey, fedAk, fedSk, name, policy, expireUnixStr)
85 if err != nil {
86 log.LogErrorf("getFederationTokenHandler: encode session token fail: requestID(%v) err(%v)",

Callers

nothing calls this directly

Calls 15

errorResponseMethod · 0.95
LogErrorfFunction · 0.92
RandomStringFunction · 0.92
GetRequestIDFunction · 0.85
ParsePolicyV2ConfigFunction · 0.85
ParseRequestParamFunction · 0.85
EncodeFedSessionTokenFunction · 0.85
MarshalXMLEntityFunction · 0.85
writeSuccessResponseXMLFunction · 0.85
AccessKeyMethod · 0.80
GetMethod · 0.65

Tested by

no test coverage detected