util/wrapper: allow enforcing a specific namespace when verifying requests (#1832)

* auth/jwt: add debugging * auth: more debugging * auth: more debugging * util/wrapper: don't use request context * util/wrapper: AuthHandlerNamespace * remove debugging
2020-07-14 10:27:15 +01:00
parent 3f4b58b58c
commit a5e9dc21ca
2 changed files with 39 additions and 6 deletions
--- a/service.go
+++ b/service.go
@@ -44,11 +44,16 @@ func newService(opts ...Option) Service {
 	options.Client = wrapper.CacheClient(cacheFn, options.Client)
 	options.Client = wrapper.AuthClient(authFn, options.Client)

+	// pass the services auth namespace to the auth handler so it
+	// uses this to verify requests, preventing the reliance on the
+	// unsecure Micro-Namespace header.
+	handlerNS := wrapper.AuthHandlerNamespace(options.Auth.Options().Issuer)
+
 	// wrap the server to provide handler stats
 	options.Server.Init(
 		server.WrapHandler(wrapper.HandlerStats(stats.DefaultStats)),
 		server.WrapHandler(wrapper.TraceHandler(trace.DefaultTracer)),
-		server.WrapHandler(wrapper.AuthHandler(authFn)),
+		server.WrapHandler(wrapper.AuthHandler(authFn, handlerNS)),
 	)

 	// set opts