unistack-org/micro
4
0
Fork 2
Code Issues 18 Pull Requests Actions Packages Projects Releases 324 Wiki Activity

Merge Asim's Fixes

Browse Source
This commit is contained in:
Ben Toogood
2020-04-07 10:08:06 +01:00
parent 7206d5f964 b5f5027549
commit a81d86ed08
16 changed files with 80 additions and 102 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
api/server/auth/auth.go
View File

@@ -70,7 +70,7 @@ func (h authHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
// within. If not forbid the request and log the occurance.
if acc.Namespace != namespace {
logger.Warnf("Cross namespace request forbidden: account %v (%v) requested access to %v in the %v namespace", acc.ID, acc.Namespace, req.URL.Path, namespace)
w.WriteHeader(http.StatusForbidden)
http.Error(w, "Forbidden namespace", 403)
}
// Determine the name of the service being requested
@@ -80,13 +80,13 @@ func (h authHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
endpoint = &resolver.Endpoint{Path: req.URL.Path}
} else if err != nil {
logger.Error(err)
w.WriteHeader(http.StatusInternalServerError)
http.Error(w, err.Error(), 500)
return
} else if err == nil {
} else {
// set the endpoint in the context so it can be used to resolve
// the request later
ctx := context.WithValue(req.Context(), resolver.Endpoint{}, endpoint)
*req = *req.WithContext(ctx)
*req = *req.Clone(ctx)
}
// construct the resource name, e.g. home => go.micro.web.home
@@ -115,14 +115,14 @@ func (h authHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
// The account is set, but they don't have enough permissions, hence
// we return a forbidden error.
if len(acc.ID) > 0 {
w.WriteHeader(http.StatusForbidden)
http.Error(w, "Forbidden request", 403)
return
}
// If there is no auth login url set, 401
loginURL := h.auth.Options().LoginURL
if loginURL == "" {
w.WriteHeader(http.StatusUnauthorized)
http.Error(w, "unauthorized request", 401)
return
}
@@ -143,7 +143,7 @@ func (h authHandler) namespaceFromRequest(req *http.Request) string {
var host string
if h, _, err := net.SplitHostPort(req.Host); err == nil {
host = h // host does contain a port
} else {
} else if strings.Contains(err.Error(), "missing port in address") {
host = req.Host // host does not contain a port
}
@@ -162,6 +162,7 @@ func (h authHandler) namespaceFromRequest(req *http.Request) string {
return auth.DefaultNamespace
}
// TODO: this logic needs to be replaced with usage of publicsuffix
// if host is not a subdomain, deturn default namespace
comps := strings.Split(host, ".")
if len(comps) < 3 {