Merge branch 'master' of https://github.com/quan-to/aws-es-proxy into…
… quan-to-master

- Enabled HTTP Basic Auth
abutaha committed Apr 5, 2020
2 parents 1096fb7 + d333cb7 commit 58622af
Showing 3 changed files with 48 additions and 3 deletions.
1 change: 1 addition & 0 deletions .gitignore
@@ -2,3 +2,4 @@
vendor
glide.lock
dist
.idea
48 changes: 46 additions & 2 deletions aws-es-proxy.go
@@ -2,6 +2,7 @@ package main

import (
"bytes"
"crypto/subtle"
"encoding/json"
"flag"
"fmt"
@@ -80,6 +81,10 @@ type proxy struct {
fileResponse *os.File
credentials *credentials.Credentials
httpClient *http.Client
auth bool
username string
password string
realm string
}

func newProxy(args ...interface{}) *proxy {
@@ -100,6 +105,10 @@ func newProxy(args ...interface{}) *proxy {
logtofile: args[3].(bool),
nosignreq: args[4].(bool),
httpClient: &client,
auth: args[6].(bool),
username: args[7].(string),
password: args[8].(string),
realm: args[9].(string),
}
}

@@ -195,6 +204,18 @@ func (p *proxy) getSigner() *v4.Signer {
}

func (p *proxy) ServeHTTP(w http.ResponseWriter, r *http.Request) {

if p.auth {
user, pass, ok := r.BasicAuth()

if !ok || subtle.ConstantTimeCompare([]byte(user), []byte(p.username)) != 1 || subtle.ConstantTimeCompare([]byte(pass), []byte(p.password)) != 1 {
w.Header().Set("WWW-Authenticate", fmt.Sprintf("Basic realm=\"%s\"", p.realm))
w.WriteHeader(401)
_, _ = w.Write([]byte("Unauthorised.\n"))
return
}
}

requestStarted := time.Now()

var (
@@ -376,16 +397,23 @@ func replaceBody(req *http.Request) []byte {

func copyHeaders(dst, src http.Header) {
for k, vals := range src {
for _, v := range vals {
dst.Add(k, v)
if k != "Authorization" {
for _, v := range vals {
dst.Add(k, v)
}
}

}
}

func main() {

var (
debug bool
auth bool
username string
password string
realm string
verbose bool
prettify bool
logtofile bool
@@ -408,6 +436,10 @@ func main() {
flag.BoolVar(&debug, "debug", false, "Print debug messages")
flag.BoolVar(&ver, "version", false, "Print aws-es-proxy version")
flag.IntVar(&timeout, "timeout", 15, "Set a request timeout to ES. Specify in seconds, defaults to 15")
flag.BoolVar(&auth, "auth", false, "Require HTTP Basic Auth")
flag.StringVar(&username, "username", "", "HTTP Basic Auth Username")
flag.StringVar(&password, "password", "", "HTTP Basic Auth Password")
flag.StringVar(&realm, "realm", "", "Authentication Required")
flag.Parse()

if len(os.Args) < 2 {
@@ -428,13 +460,25 @@ func main() {
os.Exit(0)
}

if auth {
if len(username) == 0 || len(password) == 0 {
fmt.Println("You need to specify username and password when using authentication.")
fmt.Println("Please run with '-h' for a list of available arguments.")
os.Exit(1)
}
}

p := newProxy(
endpoint,
verbose,
prettify,
logtofile,
nosignreq,
timeout,
auth,
username,
password,
realm,
)

if err = p.parseEndpoint(); err != nil {
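Review bot: The `-password` flag added in main() places the Basic Auth secret in the process arguments, where other local users and process-monitoring tools can read it; accepting it from an environment variable or a file, with the flag as a fallback, would keep it out of the process list. In the same flag block, `flag.StringVar(&realm, "realm", "", "Authentication Required")` appears to have the default and the usage text swapped, so the realm is empty unless set; `flag.StringVar(&realm, "realm", "Authentication Required", "HTTP Basic Auth realm")` looks like what was intended. In ServeHTTP the 401 branch returns without writing a log entry, so failed logins cannot be detected or reviewed afterwards; a log line carrying `r.RemoteAddr` before the `return` would cover that. copyHeaders now drops `Authorization` even when `-auth` is off, which presumably changes behaviour for deployments that forwarded that header upstream, so making the skip conditional on the auth setting is worth considering. main(), ServeHTTP and newProxy all continue outside the visible hunks.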
2 changes: 1 addition & 1 deletion cross-compile.sh
@@ -1,6 +1,6 @@
#!/bin/bash

VERSION="0.9"
VERSION="0.10"

rm -rf dist; mkdir -p dist
for GOOS in darwin linux windows; do