func (as *AuthServer) ParseRequest(req *http.Request) (*AuthRequest, error) { ar := &AuthRequest{RemoteAddr: req.RemoteAddr, Actions: []string{}} user, password, haveBasicAuth := req.BasicAuth() if haveBasicAuth { ar.User = user ar.Password = authn.PasswordString(password) } ar.Account = req.FormValue("account") if ar.Account == "" { ar.Account = ar.User } else if haveBasicAuth && ar.Account != ar.User { return nil, fmt.Errorf("user and account are not the same (%q vs %q)", ar.User, ar.Account) } ar.Service = req.FormValue("service") scope := req.FormValue("scope") if scope != "" { parts := strings.Split(scope, ":") if len(parts) != 3 { return nil, fmt.Errorf("invalid scope: %q", scope) } ar.Type = parts[0] ar.Name = parts[1] ar.Actions = strings.Split(parts[2], ",") sort.Strings(ar.Actions) } return ar, nil }
// ======================================= 登陆相关========================================= func (acm *AuthConfigManager) DoLogin(user string, password string) (string, bool) { for _, a := range acm.authConfig.Authenticators { result, err := a.Authenticate(user, authn.PasswordString(password)) // glog.V(2).Infof("Authn %s %s -> %t, %s", a.Name(), ar.ai.Account, result, err) if err != nil { if err == authn.NoMatch { continue } // err = fmt.Errorf("authn #%d returned error: %s", i+1, err) // glog.Errorf("%s: %s", ar, err) return err.Error(), false } return "", result } // Deny by default. // glog.Warningf("%s did not match any authn rule", ar.ai) return "", false }