From e080ecb43a8f48749ddd0a89957ee2aa55553792 Mon Sep 17 00:00:00 2001
From: ben-toogood <bentoogood@gmail.com>
Date: Thu, 13 Feb 2020 14:07:14 +0000
Subject: [PATCH] Auth Improvements (#1195)

* Exclude Stats & Trace from Auth

* Update Excluded Endpoints Format

* Tweak Implementation
---
 config/cmd/cmd.go       |  2 +-
 util/wrapper/wrapper.go | 16 ++++++----------
 2 files changed, 7 insertions(+), 11 deletions(-)

diff --git a/config/cmd/cmd.go b/config/cmd/cmd.go
index 437d5f71..8aea177b 100644
--- a/config/cmd/cmd.go
+++ b/config/cmd/cmd.go
@@ -257,7 +257,7 @@ var (
 		&cli.StringSliceFlag{
 			Name:    "auth_exclude",
 			EnvVars: []string{"MICRO_AUTH_EXCLUDE"},
-			Usage:   "Comma-separated list of endpoints excluded from authentication",
+			Usage:   "Comma-separated list of endpoints excluded from authentication, e.g. Users.ListUsers",
 		},
 	}
 
diff --git a/util/wrapper/wrapper.go b/util/wrapper/wrapper.go
index 01767b04..b9c4275f 100644
--- a/util/wrapper/wrapper.go
+++ b/util/wrapper/wrapper.go
@@ -145,18 +145,14 @@ func AuthHandler(fn func() auth.Auth) server.HandlerWrapper {
 			// get the auth.Auth interface
 			a := fn()
 
-			// Extract endpoint and remove service name prefix
-			// (e.g. Platform.ListServices => ListServices)
-			var endpoint string
-			if ec := strings.Split(req.Endpoint(), "."); len(ec) == 2 {
-				endpoint = ec[1]
+			// Check for debug endpoints which should be excluded from auth
+			if strings.HasPrefix(req.Endpoint(), "Debug.") {
+				return h(ctx, req, rsp)
 			}
 
-			// Check for endpoints excluded from auth. If the endpoint
-			// matches, execute the handler and return
-			excludes := append(a.Options().Excludes, "Stats", "Trace")
-			for _, e := range excludes {
-				if e == endpoint {
+			// Exclude any user excluded endpoints
+			for _, e := range a.Options().Excludes {
+				if e == req.Endpoint() {
 					return h(ctx, req, rsp)
 				}
 			}