func (as *AuthServer) ParseRequest(req *http.Request) (*AuthRequest, error) {
ar := &AuthRequest{RemoteAddr: req.RemoteAddr, Actions: []string{}}
user, password, haveBasicAuth := req.BasicAuth()
if haveBasicAuth {
ar.User = user
ar.Password = authn.PasswordString(password)
}
ar.Account = req.FormValue("account")
if ar.Account == "" {
ar.Account = ar.User
} else if haveBasicAuth && ar.Account != ar.User {
return nil, fmt.Errorf("user and account are not the same (%q vs %q)", ar.User, ar.Account)
}
ar.Service = req.FormValue("service")
scope := req.FormValue("scope")
if scope != "" {
parts := strings.Split(scope, ":")
if len(parts) != 3 {
return nil, fmt.Errorf("invalid scope: %q", scope)
}
ar.Type = parts[0]
ar.Name = parts[1]
ar.Actions = strings.Split(parts[2], ",")
sort.Strings(ar.Actions)
}
return ar, nil
}
// ======================================= 登陆相关=========================================
func (acm *AuthConfigManager) DoLogin(user string, password string) (string, bool) {
for _, a := range acm.authConfig.Authenticators {
result, err := a.Authenticate(user, authn.PasswordString(password))
// glog.V(2).Infof("Authn %s %s -> %t, %s", a.Name(), ar.ai.Account, result, err)
if err != nil {
if err == authn.NoMatch {
continue
}
// err = fmt.Errorf("authn #%d returned error: %s", i+1, err)
// glog.Errorf("%s: %s", ar, err)
return err.Error(), false
}
return "", result
}
// Deny by default.
// glog.Warningf("%s did not match any authn rule", ar.ai)
return "", false
}