auth.go
package auth
import (
"bytes"
"crypto/tls"
"encoding/json"
"fmt"
"io/ioutil"
"net/http"
"net/url"
"os"
)
// authurl builds an auth endpoint URL by appending the fmt-formatted
// path (f applied to args) to base.
//
// The formatted values are concatenated as-is: nothing here URL-escapes
// them. A caller that interpolates user-supplied values (a username, a
// mount name) should escape them first, e.g. with url.PathEscape, so
// they cannot add path segments or a query string to the request.
func authurl(base, f string, args ...interface{}) string {
	suffix := fmt.Sprintf(f, args...)
	return base + suffix
}
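// authenticate sends req and returns the client token found at
// auth.client_token in the JSON response.
//
// A 307 response is followed by hand, re-sending the buffered request
// body, for at most 10 attempts. Any final status other than 200 is
// returned as an error. A 200 response that carries no string
// auth.client_token yields ("", nil), so callers must treat an empty
// token as a failed login.
func authenticate(req *http.Request) (string, error) {
	client := &http.Client{
		Transport: &http.Transport{
			TLSClientConfig: &tls.Config{
				// NOTE(review): any non-empty VAULT_SKIP_VERIFY value,
				// including "false" or "0", turns certificate
				// verification off. With verification off the
				// credentials sent below can be read by anyone able to
				// intercept the connection.
				InsecureSkipVerify: os.Getenv("VAULT_SKIP_VERIFY") != "",
			},
		},
	}

	// Buffer the request body once so it can be replayed on every attempt.
	var body []byte
	if req.Body != nil {
		payload, err := ioutil.ReadAll(req.Body)
		// The body is replaced below, so the transport never sees (and
		// never closes) the original reader; close it here.
		req.Body.Close()
		if err != nil {
			return "", err
		}
		body = payload
	}

	var res *http.Response
	for i := 0; i < 10; i++ {
		if req.Body != nil {
			req.Body = ioutil.NopCloser(bytes.NewReader(body))
		}

		var err error
		res, err = client.Do(req)
		if err != nil {
			return "", err
		}

		// Vault returns a 307 to redirect during HA / Auth
		if res.StatusCode != 307 {
			break
		}

		location := res.Header.Get("Location")
		// Release the redirect response before issuing the next request.
		res.Body.Close()
		if location == "" {
			return "", fmt.Errorf("API %s: redirect without a Location header", res.Status)
		}
		ref, err := url.Parse(location)
		if err != nil {
			return "", err
		}
		// NOTE(review): the request, including its headers and the
		// credential body, is re-sent to whatever the Location header
		// names. Nothing here checks the target's host or scheme, so a
		// redirect from https to http, or to another host, is followed.
		//
		// Resolve against the current URL so that relative Location
		// values work as well as absolute ones.
		req.URL = req.URL.ResolveReference(ref)
		// ... and try again.
	}
	// Closing twice is harmless when the loop ran out on a 307.
	defer res.Body.Close()

	if res.StatusCode != 200 {
		return "", fmt.Errorf("API %s", res.Status)
	}

	b, err := ioutil.ReadAll(res.Body)
	if err != nil {
		return "", err
	}

	var raw map[string]interface{}
	if err = json.Unmarshal(b, &raw); err != nil {
		return "", err
	}

	// A missing or wrongly typed field at either level gives an empty token.
	auth, ok := raw["auth"].(map[string]interface{})
	if !ok {
		return "", nil
	}
	token, _ := auth["client_token"].(string)
	return token, nil
}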