Fix Auth Headers (#1324)

Co-authored-by: Ben Toogood <ben@micro.mu>
This commit is contained in:
ben-toogood 2020-03-10 16:47:01 +00:00 committed by GitHub
parent ed83c27f0e
commit 48b2a5c37c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 11 additions and 7 deletions

View File

@ -5,7 +5,6 @@ import (
"strings"
"github.com/micro/go-micro/v2/auth"
"github.com/micro/go-micro/v2/metadata"
)
// CombinedAuthHandler wraps a server and authenticates requests
@ -42,15 +41,16 @@ func (h authHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
}
var token string
if header, ok := metadata.Get(req.Context(), "Authorization"); ok {
if header := req.Header.Get("Authorization"); len(header) > 0 {
// Extract the auth token from the request
if strings.HasPrefix(header, BearerScheme) {
token = header[len(BearerScheme):]
}
} else {
// Get the token out the cookies if not provided in headers
if c, err := req.Cookie(auth.CookieName); err != nil && c != nil {
token = c.Value
if c, err := req.Cookie("micro-token"); err == nil && c != nil {
token = strings.TrimPrefix(c.Value, auth.CookieName+"=")
req.Header.Set("Authorization", BearerScheme+token)
}
}

View File

@ -38,6 +38,7 @@ func SetHeaders(w http.ResponseWriter, r *http.Request) {
set(w, "Access-Control-Allow-Origin", "*")
}
set(w, "Access-Control-Allow-Credentials", "true")
set(w, "Access-Control-Allow-Methods", "POST, PATCH, GET, OPTIONS, PUT, DELETE")
set(w, "Access-Control-Allow-Headers", "Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization")
}

View File

@ -123,7 +123,7 @@ func (g *grpcClient) call(ctx context.Context, node *registry.Node, req client.R
if md, ok := metadata.FromContext(ctx); ok {
header = make(map[string]string, len(md))
for k, v := range md {
header[k] = v
header[strings.ToLower(k)] = v
}
} else {
header = make(map[string]string)
@ -133,9 +133,12 @@ func (g *grpcClient) call(ctx context.Context, node *registry.Node, req client.R
header["timeout"] = fmt.Sprintf("%d", opts.RequestTimeout)
// set the content type for the request
header["x-content-type"] = req.ContentType()
// set the authorization token if one is saved locally
if token, err := config.Get("token"); err == nil && len(token) > 0 {
header["authorization"] = BearerScheme + token
if len(header["authorization"]) == 0 {
if token, err := config.Get("token"); err == nil && len(token) > 0 {
header["authorization"] = BearerScheme + token
}
}
md := gmetadata.New(header)