Fix Auth Headers (#1324)

Co-authored-by: Ben Toogood <ben@micro.mu>
ben-toogood 2020-03-10 16:47:01 +00:00 committed by GitHub
parent ed83c27f0e
commit 48b2a5c37c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 11 additions and 7 deletions


@ -5,7 +5,6 @@ import (
"strings" "strings"
"github.com/micro/go-micro/v2/auth" "github.com/micro/go-micro/v2/auth"
"github.com/micro/go-micro/v2/metadata"
) )
// CombinedAuthHandler wraps a server and authenticates requests // CombinedAuthHandler wraps a server and authenticates requests
@ -42,15 +41,16 @@ func (h authHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
} }
var token string var token string
if header, ok := metadata.Get(req.Context(), "Authorization"); ok { if header := req.Header.Get("Authorization"); len(header) > 0 {
// Extract the auth token from the request // Extract the auth token from the request
if strings.HasPrefix(header, BearerScheme) { if strings.HasPrefix(header, BearerScheme) {
token = header[len(BearerScheme):] token = header[len(BearerScheme):]
} }
} else { } else {
// Get the token out the cookies if not provided in headers // Get the token out the cookies if not provided in headers
if c, err := req.Cookie(auth.CookieName); err != nil && c != nil { if c, err := req.Cookie("micro-token"); err == nil && c != nil {
token = c.Value token = strings.TrimPrefix(c.Value, auth.CookieName+"=")
req.Header.Set("Authorization", BearerScheme+token)
} }
} }
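Review bot: The new cookie branch in ServeHTTP turns an ambient browser credential into a bearer token (`req.Header.Set("Authorization", BearerScheme+token)`) without any visible origin or CSRF check, so a cross-site request that carries the cookie would be authenticated like a first-party one. Unless the cookie is issued with SameSite or this is checked elsewhere, I would gate the cookie path on a validated Origin or the X-CSRF-Token header before promoting it. The lookup also hard-codes `"micro-token"` while the trim uses `auth.CookieName+"="`; if the two ever differ, the prefix is silently left in the token, so use the constant in both places: `if c, err := req.Cookie(auth.CookieName); err == nil && c != nil {`. ServeHTTP starts before and continues after this hunk, so a check outside the visible lines may already cover the first point.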


@ -38,6 +38,7 @@ func SetHeaders(w http.ResponseWriter, r *http.Request) {
set(w, "Access-Control-Allow-Origin", "*") set(w, "Access-Control-Allow-Origin", "*")
} }
set(w, "Access-Control-Allow-Credentials", "true")
set(w, "Access-Control-Allow-Methods", "POST, PATCH, GET, OPTIONS, PUT, DELETE") set(w, "Access-Control-Allow-Methods", "POST, PATCH, GET, OPTIONS, PUT, DELETE")
set(w, "Access-Control-Allow-Headers", "Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization") set(w, "Access-Control-Allow-Headers", "Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization")
} }
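Review bot: `Access-Control-Allow-Credentials: true` is now sent on every response, including the branch that answers with `Access-Control-Allow-Origin: *`, a combination browsers reject for credentialed requests. The branch above the hunk is not visible; if it echoes the request's Origin, any site could read authenticated responses using the user's cookie, which matters now that the auth handler accepts the token from a cookie. I would send the credentials header only when the origin matches an explicit allowlist and add `set(w, "Vary", "Origin")` in that branch, leaving the wildcard branch without it. SetHeaders begins before this hunk.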


@ -123,7 +123,7 @@ func (g *grpcClient) call(ctx context.Context, node *registry.Node, req client.R
if md, ok := metadata.FromContext(ctx); ok { if md, ok := metadata.FromContext(ctx); ok {
header = make(map[string]string, len(md)) header = make(map[string]string, len(md))
for k, v := range md { for k, v := range md {
header[k] = v header[strings.ToLower(k)] = v
} }
} else { } else {
header = make(map[string]string) header = make(map[string]string)
@ -133,9 +133,12 @@ func (g *grpcClient) call(ctx context.Context, node *registry.Node, req client.R
header["timeout"] = fmt.Sprintf("%d", opts.RequestTimeout) header["timeout"] = fmt.Sprintf("%d", opts.RequestTimeout)
// set the content type for the request // set the content type for the request
header["x-content-type"] = req.ContentType() header["x-content-type"] = req.ContentType()
// set the authorization token if one is saved locally // set the authorization token if one is saved locally
if token, err := config.Get("token"); err == nil && len(token) > 0 { if len(header["authorization"]) == 0 {
header["authorization"] = BearerScheme + token if token, err := config.Get("token"); err == nil && len(token) > 0 {
header["authorization"] = BearerScheme + token
}
} }
md := gmetadata.New(header) md := gmetadata.New(header)
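Review bot: Lower-casing keys in the first hunk (`header[strings.ToLower(k)] = v`) makes keys that differ only in case collide, and because Go map iteration order is random, which value survives, including for `authorization`, can change between calls. Making the winner deterministic, for example by letting an already-lowercase key take precedence, avoids forwarding an unexpected credential: `lk := strings.ToLower(k)`, `if _, dup := header[lk]; dup && k != lk { continue }`, `header[lk] = v`. The second hunk's `len(header["authorization"]) == 0` guard relies on this normalisation, so a short comment there stating that caller-supplied credentials take precedence over the locally saved token would help. The body of call extends beyond both hunks.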