Support Wildcard Auth Excludes (#1357)

Co-authored-by: Ben Toogood <ben@micro.mu>
2020-03-17 16:03:49 +00:00 · 2020-03-17 16:03:49 +00:00 · b3c631dd38
commit b3c631dd38
parent ab73127063
1 changed files with 15 additions and 0 deletions
--- a/api/server/auth/auth.go
+++ b/api/server/auth/auth.go
@ -7,6 +7,11 @@ import (
 	"github.com/micro/go-micro/v2/auth"
 )

+var (
+	// DefaultExcludes is the paths which are allowed by default
+	DefaultExcludes = []string{"/favicon.ico"}
+)
+
 // CombinedAuthHandler wraps a server and authenticates requests
 func CombinedAuthHandler(h http.Handler) http.Handler {
 	return authHandler{
@ -30,14 +35,24 @@ func (h authHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {

 	// Return if the user disabled auth on this endpoint
 	excludes := h.auth.Options().Exclude
+	excludes = append(excludes, DefaultExcludes...)
 	if len(loginURL) > 0 {
 		excludes = append(excludes, loginURL)
 	}
+
 	for _, e := range excludes {
+		// is a standard exclude, e.g. /rpc
 		if e == req.URL.Path {
 			h.handler.ServeHTTP(w, req)
 			return
 		}
+
+		// is a wildcard exclude, e.g. /services/*
+		wildcard := strings.Replace(e, "*", "", 1)
+		if strings.HasSuffix(e, "*") && strings.HasPrefix(req.URL.Path, wildcard) {
+			h.handler.ServeHTTP(w, req)
+			return
+		}
 	}

 	var token string