mirror of
https://github.com/mofeng-git/One-KVM.git
synced 2025-12-12 01:00:29 +08:00
refactoring
This commit is contained in:
Maxim Devaev
parent
59eff99dcc
commit
0437f487b5
@ -45,28 +45,31 @@ from ..auth import AuthManager
|
|||||||
_COOKIE_AUTH_TOKEN = "auth_token"
|
_COOKIE_AUTH_TOKEN = "auth_token"
|
||||||
|
|
||||||
|
|
||||||
async def check_request_auth(auth_manager: AuthManager, exposed: HttpExposed, req: Request) -> None:
|
async def _check_xhdr(auth_manager: AuthManager, _: HttpExposed, req: Request) -> bool:
|
||||||
if not auth_manager.is_auth_required(exposed):
|
|
||||||
return
|
|
||||||
|
|
||||||
user = req.headers.get("X-KVMD-User", "")
|
user = req.headers.get("X-KVMD-User", "")
|
||||||
if user:
|
if user:
|
||||||
user = valid_user(user)
|
user = valid_user(user)
|
||||||
passwd = req.headers.get("X-KVMD-Passwd", "")
|
passwd = req.headers.get("X-KVMD-Passwd", "")
|
||||||
set_request_auth_info(req, f"{user} (xhdr)")
|
set_request_auth_info(req, f"{user} (xhdr)")
|
||||||
if (await auth_manager.authorize(user, valid_passwd(passwd))):
|
if (await auth_manager.authorize(user, valid_passwd(passwd))):
|
||||||
return
|
return True
|
||||||
raise ForbiddenError()
|
raise ForbiddenError()
|
||||||
|
return False
|
||||||
|
|
||||||
|
|
||||||
|
async def _check_token(auth_manager: AuthManager, _: HttpExposed, req: Request) -> bool:
|
||||||
token = req.cookies.get(_COOKIE_AUTH_TOKEN, "")
|
token = req.cookies.get(_COOKIE_AUTH_TOKEN, "")
|
||||||
if token:
|
if token:
|
||||||
user = auth_manager.check(valid_auth_token(token)) # type: ignore
|
user = auth_manager.check(valid_auth_token(token))
|
||||||
if user:
|
if user:
|
||||||
set_request_auth_info(req, f"{user} (token)")
|
set_request_auth_info(req, f"{user} (token)")
|
||||||
return
|
return True
|
||||||
set_request_auth_info(req, "- (token)")
|
set_request_auth_info(req, "- (token)")
|
||||||
raise ForbiddenError()
|
raise ForbiddenError()
|
||||||
|
return False
|
||||||
|
|
||||||
|
|
||||||
|
async def _check_basic(auth_manager: AuthManager, _: HttpExposed, req: Request) -> bool:
|
||||||
basic_auth = req.headers.get("Authorization", "")
|
basic_auth = req.headers.get("Authorization", "")
|
||||||
if basic_auth and basic_auth[:6].lower() == "basic ":
|
if basic_auth and basic_auth[:6].lower() == "basic ":
|
||||||
try:
|
try:
|
||||||
@ -76,18 +79,29 @@ async def check_request_auth(auth_manager: AuthManager, exposed: HttpExposed, re
|
|||||||
user = valid_user(user)
|
user = valid_user(user)
|
||||||
set_request_auth_info(req, f"{user} (basic)")
|
set_request_auth_info(req, f"{user} (basic)")
|
||||||
if (await auth_manager.authorize(user, valid_passwd(passwd))):
|
if (await auth_manager.authorize(user, valid_passwd(passwd))):
|
||||||
return
|
return True
|
||||||
raise ForbiddenError()
|
raise ForbiddenError()
|
||||||
|
return False
|
||||||
|
|
||||||
|
|
||||||
|
async def _check_usc(auth_manager: AuthManager, exposed: HttpExposed, req: Request) -> bool:
|
||||||
if exposed.allow_usc:
|
if exposed.allow_usc:
|
||||||
creds = get_request_unix_credentials(req)
|
creds = get_request_unix_credentials(req)
|
||||||
if creds is not None:
|
if creds is not None:
|
||||||
user = auth_manager.check_unix_credentials(creds) # type: ignore
|
user = auth_manager.check_unix_credentials(creds)
|
||||||
if user:
|
if user:
|
||||||
set_request_auth_info(req, f"{user}[{creds.uid}] (unix)")
|
set_request_auth_info(req, f"{user}[{creds.uid}] (unix)")
|
||||||
return
|
return True
|
||||||
raise UnauthorizedError()
|
raise UnauthorizedError()
|
||||||
|
return False
|
||||||
|
|
||||||
|
|
||||||
|
async def check_request_auth(auth_manager: AuthManager, exposed: HttpExposed, req: Request) -> None:
|
||||||
|
if not auth_manager.is_auth_required(exposed):
|
||||||
|
return
|
||||||
|
for checker in [_check_xhdr, _check_token, _check_basic, _check_usc]:
|
||||||
|
if (await checker(auth_manager, exposed, req)):
|
||||||
|
return
|
||||||
raise UnauthorizedError()
|
raise UnauthorizedError()
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user