unistack-org/micro
3
0
Fork 3
Code Issues 14 Pull Requests 2 Actions Packages Projects Releases 242 Wiki Activity

Fix server calling across namespace

Browse Source
This commit is contained in:
Ben Toogood 2020-05-26 17:35:06 +01:00
parent cd283654eb
commit c3b404bab0
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
util/wrapper/wrapper.go
View File

@ -209,8 +209,9 @@ func AuthHandler(fn func() auth.Auth) server.HandlerWrapper {
ctx = metadata.Set(ctx, "Micro-Namespace", ns)
}
// Check the issuer matches the services namespace
if account != nil && account.Issuer != ns {
// Check the issuer matches the services namespace. TODO: Stop allowing go.micro to access
// any namespace and instead check for the server issuer.
if account != nil && account.Issuer != ns && account.Issuer != "go.micro" {
return errors.Forbidden(req.Service(), "Account was not issued by %v", ns)
}