author | John Cai <jcai@gitlab.com> | 2020-05-28 01:30:15 +0300 |
---|---|---|
committer | John Cai <jcai@gitlab.com> | 2020-05-29 00:50:59 +0300 |
commit | ea43d93b3e9f5f30f40d422082278e18c734df04 (patch) | |
tree | ec037fbf7fd56c5e18dc38f9e09bc784c1390565 /auth | |
parent | 2c0194fc7ac8436107a40ff79edbdc8f1ce2afc4 (diff) |
Check auth before limit handler
Diffstat (limited to 'auth')
-rw-r--r-- | auth/extract_test.go | 10 | ||||
-rw-r--r-- | auth/token.go | 18 |
2 files changed, 24 insertions, 4 deletions
diff --git a/auth/extract_test.go b/auth/extract_test.go
index 510fb1790..e002762b3 100644
--- a/auth/extract_test.go
+++ b/auth/extract_test.go
@@ -10,6 +10,16 @@ import (
 )
 
 func TestCheckTokenV2(t *testing.T) {
+ // the tests below had their hmac signatures generated with the default 30s
+ // in our tests, we modify this number with ldflags but this test should continue
+ // to use the 30s number
+
+ defer func(d time.Duration) {
+ timestampThresholdDuration = d
+ }(timestampThresholdDuration)
+
+ timestampThresholdDuration = 30 * time.Second
+
 targetTime := time.Unix(1535671600, 0)
 secret := []byte("foo")
 
diff --git a/auth/token.go b/auth/token.go
index dee53227c..12c11740c 100644
--- a/auth/token.go
+++ b/auth/token.go
@@ -16,11 +16,10 @@ import (
 "google.golang.org/grpc/status"
 )
 
-const (
- timestampThreshold = 30 * time.Second
-)
+var timestampThresholdDuration time.Duration
 
 var (
+ timestampThreshold = "30s"
 errUnauthenticated = status.Errorf(codes.Unauthenticated, "authentication required")
 errDenied = status.Errorf(codes.PermissionDenied, "permission denied")
 
@@ -33,8 +32,19 @@ var (
 )
 )
 
+// TimestampThreshold is used by tests
+func TimestampThreshold() time.Duration {
+ return timestampThresholdDuration
+}
+
 func init() {
 prometheus.MustRegister(authErrors)
+
+ var err error
+ timestampThresholdDuration, err = time.ParseDuration(timestampThreshold)
+ if err != nil {
+ panic(err)
+ }
 }
 
 // AuthInfo contains the authentication information coming from a request
@@ -58,7 +68,7 @@ func CheckToken(ctx context.Context, secret string, targetTime time.Time) error
 }
 
 if authInfo.Version == "v2" {
- if v2HmacInfoValid(authInfo.Message, authInfo.SignedMessage, []byte(secret), targetTime, timestampThreshold) {
+ if v2HmacInfoValid(authInfo.Message, authInfo.SignedMessage, []byte(secret), targetTime, timestampThresholdDuration) {
 return nil
 }
 } |
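Review bot: The comment added at the top of TestCheckTokenV2 runs two sentences together, so it is hard to tell that the 30s pin exists because the fixtures' signatures depend on it. I would reword it as `// The HMAC fixtures below were signed assuming the default 30s threshold.` followed by `// Test builds override the threshold via ldflags, so pin it to 30s for this test and restore it afterwards.` The test also overwrites a package-level variable that CheckToken reads, so it is worth noting in the same comment that it must not run in parallel with other tests in the package. The rest of the test body lies outside the hunk.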
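Review bot: In the first token.go hunk, the timestamp window for v2 tokens stops being a compile-time constant and becomes two mutable package-level variables, and neither carries a comment saying why. The name `timestampThreshold` also changes meaning from a `time.Duration` to a string. Going by the test comment it is a link-time override hook, so I would document it, e.g. `// timestampThreshold is a time.ParseDuration string so builds can override it with -ldflags "-X"; it is parsed once in init.` and `// timestampThresholdDuration is the parsed window used by CheckToken; do not modify outside tests.` Since this value appears to bound how old a signed timestamp may be, the comment should also state that production builds are expected to keep the 30s default.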
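Review bot: The new code in init() accepts any string that time.ParseDuration can parse, so a build that sets the threshold to zero, a negative value or many hours starts without complaint and CheckToken (last hunk) passes that value straight to v2HmacInfoValid. I would reject non-positive values at startup with `if err != nil || timestampThresholdDuration <= 0 {`, and consider an upper bound as well so a mistaken override cannot silently widen the acceptance window for signed timestamps. The bare `panic(err)` gives no hint which setting was wrong; including the offending string in the message would make a bad build easier to diagnose. The doc comment `// TimestampThreshold is used by tests` should say what the function returns, e.g. `// TimestampThreshold returns the allowed timestamp window for v2 tokens; it is exported for tests.`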