Auth Improvements (#1195)

* Exclude Stats & Trace from Auth * Update Excluded Endpoints Format * Tweak Implementation
2020-02-13 14:07:14 +00:00 · 2020-02-13 14:07:14 +00:00 · e080ecb43a
commit e080ecb43a
parent ea70711dd3
2 changed files with 7 additions and 11 deletions
--- a/config/cmd/cmd.go
+++ b/config/cmd/cmd.go
@ -257,7 +257,7 @@ var (
 		&cli.StringSliceFlag{
 			Name:    "auth_exclude",
 			EnvVars: []string{"MICRO_AUTH_EXCLUDE"},
-			Usage:   "Comma-separated list of endpoints excluded from authentication",
+			Usage:   "Comma-separated list of endpoints excluded from authentication, e.g. Users.ListUsers",
 		},
 	}

--- a/util/wrapper/wrapper.go
+++ b/util/wrapper/wrapper.go
@ -145,18 +145,14 @@ func AuthHandler(fn func() auth.Auth) server.HandlerWrapper {
 			// get the auth.Auth interface
 			a := fn()

-			// Extract endpoint and remove service name prefix
-			// (e.g. Platform.ListServices => ListServices)
-			var endpoint string
-			if ec := strings.Split(req.Endpoint(), "."); len(ec) == 2 {
-				endpoint = ec[1]
+			// Check for debug endpoints which should be excluded from auth
+			if strings.HasPrefix(req.Endpoint(), "Debug.") {
+				return h(ctx, req, rsp)
 			}

-			// Check for endpoints excluded from auth. If the endpoint
-			// matches, execute the handler and return
-			excludes := append(a.Options().Excludes, "Stats", "Trace")
-			for _, e := range excludes {
-				if e == endpoint {
+			// Exclude any user excluded endpoints
+			for _, e := range a.Options().Excludes {
+				if e == req.Endpoint() {
 					return h(ctx, req, rsp)
 				}
 			}