unistack-org/micro
4
0
Fork 3
Code Issues 18 Pull Requests 1 Actions Packages Projects Releases 263 Wiki Activity

Few nitpicks

Browse Source
This commit is contained in:
Asim Aslam 2020-04-07 00:19:49 +01:00
parent 900b2d24f9
commit ca11c4a672
1 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
api/server/auth/auth.go
View File

@ -76,7 +76,7 @@ func (h authHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
// within. If not forbid the request and log the occurance. // within. If not forbid the request and log the occurance.
if acc.Namespace != namespace { if acc.Namespace != namespace {
logger.Warnf("Cross namespace request forbidden: account %v (%v) requested access to %v in the %v namespace", acc.ID, acc.Namespace, req.URL.Path, namespace) logger.Warnf("Cross namespace request forbidden: account %v (%v) requested access to %v in the %v namespace", acc.ID, acc.Namespace, req.URL.Path, namespace)
w.WriteHeader(http.StatusForbidden) http.Error(w, "Forbidden namespace", 403)
} }
// Determine the name of the service being requested // Determine the name of the service being requested
@ -86,9 +86,9 @@ func (h authHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
endpoint = &resolver.Endpoint{Path: req.URL.Path} endpoint = &resolver.Endpoint{Path: req.URL.Path}
} else if err != nil { } else if err != nil {
logger.Error(err) logger.Error(err)
w.WriteHeader(http.StatusInternalServerError) http.Error(w, err.Error(), 500)
return return
} else if err == nil { } else {
// set the endpoint in the context so it can be used to resolve // set the endpoint in the context so it can be used to resolve
// the request later // the request later
ctx := context.WithValue(req.Context(), resolver.Endpoint{}, endpoint) ctx := context.WithValue(req.Context(), resolver.Endpoint{}, endpoint)
@ -121,14 +121,14 @@ func (h authHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
// The account is set, but they don't have enough permissions, hence // The account is set, but they don't have enough permissions, hence
// we return a forbidden error. // we return a forbidden error.
if len(acc.ID) > 0 { if len(acc.ID) > 0 {
w.WriteHeader(http.StatusForbidden) http.Error(w, "Forbidden request", 403)
return return
} }
// If there is no auth login url set, 401 // If there is no auth login url set, 401
loginURL := h.auth.Options().LoginURL loginURL := h.auth.Options().LoginURL
if loginURL == "" { if loginURL == "" {
w.WriteHeader(http.StatusUnauthorized) http.Error(w, "unauthorized request", 401)
return return
} }
@ -159,6 +159,7 @@ func namespaceFromRequest(req *http.Request) (string, error) {
return auth.DefaultNamespace, nil return auth.DefaultNamespace, nil
} }
// TODO: this logic needs to be replaced with usage of publicsuffix
// if host is not a subdomain, deturn default namespace // if host is not a subdomain, deturn default namespace
comps := strings.Split(host, ".") comps := strings.Split(host, ".")
if len(comps) != 3 { if len(comps) != 3 {