diff --git a/internal/http/interceptors/auth/credential/loader/loader.go b/internal/http/interceptors/auth/credential/loader/loader.go index 452cdb8ebb4..d5aa16727ee 100644 --- a/internal/http/interceptors/auth/credential/loader/loader.go +++ b/internal/http/interceptors/auth/credential/loader/loader.go @@ -22,6 +22,7 @@ import ( // Load core authentication strategies. _ "github.com/cs3org/reva/internal/http/interceptors/auth/credential/strategy/basic" _ "github.com/cs3org/reva/internal/http/interceptors/auth/credential/strategy/bearer" + _ "github.com/cs3org/reva/internal/http/interceptors/auth/credential/strategy/ocmshares" _ "github.com/cs3org/reva/internal/http/interceptors/auth/credential/strategy/publicshares" // Add your own here. ) diff --git a/internal/http/interceptors/auth/credential/strategy/ocmshares/ocmshares.go b/internal/http/interceptors/auth/credential/strategy/ocmshares/ocmshares.go new file mode 100644 index 00000000000..a93f62d8d91 --- /dev/null +++ b/internal/http/interceptors/auth/credential/strategy/ocmshares/ocmshares.go @@ -0,0 +1,58 @@ +// Copyright 2018-2023 CERN +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// In applying this license, CERN does not waive the privileges and immunities +// granted to it by virtue of its status as an Intergovernmental Organization +// or submit itself to any jurisdiction. + +package ocmshares + +import ( + "fmt" + "net/http" + + "github.com/cs3org/reva/internal/http/interceptors/auth/credential/registry" + "github.com/cs3org/reva/pkg/auth" +) + +func init() { + registry.Register("ocmshares", New) +} + +const ( + headerShareToken = "ocm-token" +) + +type strategy struct{} + +// New returns a new auth strategy that handles public share verification. +func New(m map[string]interface{}) (auth.CredentialStrategy, error) { + return &strategy{}, nil +} + +func (s *strategy) GetCredentials(w http.ResponseWriter, r *http.Request) (*auth.Credentials, error) { + token := r.Header.Get(headerShareToken) + if token == "" { + token = r.URL.Query().Get(headerShareToken) + } + if token == "" { + return nil, fmt.Errorf("no ocm token provided") + } + + return &auth.Credentials{Type: "ocmshares", ClientID: token}, nil +} + +func (s *strategy) AddWWWAuthenticate(w http.ResponseWriter, r *http.Request, realm string) { + // TODO read realm from forwarded header? +}