Merge pull request #2831 from owncloud/public-link-signature-auth

David Christofas · web-flow · commit eb4e2d8a650d · 2021-12-10T09:33:41.000+01:00
enable signature auth in public share auth middleware
diff --git a/changelog/unreleased/public-link-signature-auth.md b/changelog/unreleased/public-link-signature-auth.md
@@ -0,0 +1,5 @@
+Enhancement: Support signature auth in the public share auth middleware
+
+Enabled public share requests to be authenticated using the public share signature.
+
+https://github.com/owncloud/ocis/pull/2831
diff --git a/proxy/pkg/middleware/public_share_auth.go b/proxy/pkg/middleware/public_share_auth.go
@@ -2,6 +2,7 @@ package middleware
 
 import (
 	"net/http"
+	"strings"
 
 	gateway "github.com/cs3org/go-cs3apis/cs3/gateway/v1beta1"
 )
@@ -32,12 +33,23 @@ func PublicShareAuth(opts ...Option) func(next http.Handler) http.Handler {
 				return
 			}
 
-			// We can ignore the username since it is always set to "public" in public shares.
-			_, password, ok := r.BasicAuth()
+			var sharePassword string
+			if signature := r.URL.Query().Get("signature"); signature != "" {
+				expiration := r.URL.Query().Get("expiration")
+				if expiration == "" {
+					logger.Warn().Str("signature", signature).Msg("cannot do signature auth without the expiration")
+					next.ServeHTTP(w, r)
+					return
+				}
+				sharePassword = strings.Join([]string{"signature", signature, expiration}, "|")
+			} else {
+				// We can ignore the username since it is always set to "public" in public shares.
+				_, password, ok := r.BasicAuth()
 
-			sharePassword := basicAuthPasswordPrefix
-			if ok {
-				sharePassword += password
+				sharePassword = basicAuthPasswordPrefix
+				if ok {
+					sharePassword += password
+				}
 			}
 
 			authResp, err := options.RevaGatewayClient.Authenticate(r.Context(), &gateway.AuthenticateRequest{
