imjoey opened a new issue #1204:
URL: https://github.com/apache/apisix-dashboard/issues/1204


   # Bug report
   
   ## Describe the bug
   
   The manager-api backend will panic if the authorization string in the request header is malformed.
   
   ## How to Reproduce
   
   1. Run `make api-run` to start manager-api, with listening address `localhost:9000`;
   2. Run `curl http://127.0.0.1:9000/apisix/admin/server_info -H "Authorization: Not-Valid-JWT-String"`, or simply `curl http://127.0.0.1:9000/apisix/admin/server_info`;
   3. manager-api panics with the following error:
   ```
   021-01-05 11:09:37.120179 I | http: panic serving 127.0.0.1:50200: runtime error: invalid memory address or nil pointer dereference
   goroutine 26 [running]:
   net/http.(*conn).serve.func1(0xc0005d4dc0)
        /usr/local/opt/go/libexec/src/net/http/server.go:1801 +0x147
   panic(0x1a521a0, 0x2266060)
        /usr/local/opt/go/libexec/src/runtime/panic.go:975 +0x47a
   github.com/apisix/manager-api/internal/filter.Authentication.func1(0xc00056c1e0)
        /Users/imjoey/Work/apache-apisix/apisix-dashboard/api/internal/filter/authentication.go:45 +0x256
   github.com/gin-gonic/gin.(*Context).Next(0xc00056c1e0)
        /Users/imjoey/go/pkg/mod/github.com/gin-gonic/gin@v1.6.3/context.go:161 +0x3b
   github.com/apisix/manager-api/internal/filter.SchemaCheck.func1(0xc00056c1e0)
        /Users/imjoey/Work/apache-apisix/apisix-dashboard/api/internal/filter/schema.go:189 +0x125
   github.com/gin-gonic/gin.(*Context).Next(0xc00056c1e0)
        /Users/imjoey/go/pkg/mod/github.com/gin-gonic/gin@v1.6.3/context.go:161 +0x3b
   github.com/apisix/manager-api/internal/filter.RequestLogHandler.func1(0xc00056c1e0)
        /Users/imjoey/Work/apache-apisix/apisix-dashboard/api/internal/filter/logging.go:35 +0x1df
   github.com/gin-gonic/gin.(*Context).Next(0xc00056c1e0)
        /Users/imjoey/go/pkg/mod/github.com/gin-gonic/gin@v1.6.3/context.go:161 +0x3b
   github.com/apisix/manager-api/internal/filter.RequestId.func1(0xc00056c1e0)
        /Users/imjoey/Work/apache-apisix/apisix-dashboard/api/internal/filter/request_id.go:41 +0x287
   github.com/gin-gonic/gin.(*Context).Next(0xc00056c1e0)
        /Users/imjoey/go/pkg/mod/github.com/gin-gonic/gin@v1.6.3/context.go:161 +0x3b
   github.com/apisix/manager-api/internal/filter.CORS.func1(0xc00056c1e0)
        /Users/imjoey/Work/apache-apisix/apisix-dashboard/api/internal/filter/cors.go:31 +0x3a7
   github.com/gin-gonic/gin.(*Context).Next(0xc00056c1e0)
        /Users/imjoey/go/pkg/mod/github.com/gin-gonic/gin@v1.6.3/context.go:161 +0x3b
   github.com/gin-contrib/sessions.Sessions.func1(0xc00056c1e0)
        /Users/imjoey/go/pkg/mod/github.com/gin-contrib/sessions@v0.0.3/sessions.go:52 +0x186
   github.com/gin-gonic/gin.(*Context).Next(0xc00056c1e0)
        /Users/imjoey/go/pkg/mod/github.com/gin-gonic/gin@v1.6.3/context.go:161 +0x3b
   github.com/gin-gonic/gin.(*Engine).handleHTTPRequest(0xc000344500, 0xc00056c1e0)
        /Users/imjoey/go/pkg/mod/github.com/gin-gonic/gin@v1.6.3/gin.go:409 +0x67a
   github.com/gin-gonic/gin.(*Engine).ServeHTTP(0xc000344500, 0x1cc1980, 0xc000574000, 0xc000122600)
        /Users/imjoey/go/pkg/mod/github.com/gin-gonic/gin@v1.6.3/gin.go:367 +0x14d
   net/http.serverHandler.ServeHTTP(0xc0001722a0, 0x1cc1980, 0xc000574000, 0xc000122600)
        /usr/local/opt/go/libexec/src/net/http/server.go:2843 +0xa3
   net/http.(*conn).serve(0xc0005d4dc0, 0x1cc3f00, 0xc0001204c0)
        /usr/local/opt/go/libexec/src/net/http/server.go:1925 +0x8ad
   created by net/http.(*Server).Serve
        /usr/local/opt/go/libexec/src/net/http/server.go:2969 +0x36c
   ```
   
   ## Expected behavior
   
   The manager-api should deal with the bad request properly and return `401` as expected.
   
   ## System information
   
   - OS: macOS
   - Version: latest in master branch (https://github.com/apache/apisix-dashboard/commit/45e90ec8e13a1c9659645034f1fd50f0552b93e3)
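
The expected behaviour described in the issue, as an added example (not manager-api's code and not part of the issue): a `net/http` middleware whose token parser returns a nil pointer on failure, with the error checked before the claims are used, so both `curl` requests get `401` instead of a panic. The `claims` type, `parseToken`, `requireAuth`, the `X-Auth-Subject` header and the key are assumptions made for illustration, and the standard library stands in for gin and a JWT package.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"net/http"
	"strings"
	"time"
)

// claims is a hypothetical claim set; encoding/json matches "sub"/"exp" case-insensitively.
type claims struct{ Sub string; Exp int64 }

// parseToken verifies an HMAC-SHA256 token; every failure returns (nil, err).
func parseToken(raw string, key []byte) (*claims, error) {
	p := strings.Split(raw, ".")
	if len(p) != 3 {
		return nil, errors.New("token is not three dot-separated segments")
	}
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(p[0] + "." + p[1]))
	sig, err := base64.RawURLEncoding.DecodeString(p[2])
	if err != nil || !hmac.Equal(sig, mac.Sum(nil)) {
		return nil, errors.New("bad signature")
	}
	body, _ := base64.RawURLEncoding.DecodeString(p[1])
	c := new(claims)
	if json.Unmarshal(body, c) != nil || c.Sub == "" || c.Exp < time.Now().Unix() {
		return nil, errors.New("bad or expired claims")
	}
	return c, nil
}

// requireAuth answers 401 for a missing, malformed or expired token.
func requireAuth(key []byte, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		c, err := parseToken(r.Header.Get("Authorization"), key)
		if err != nil { // c is nil on this path: reject before any use of it
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		r.Header.Set("X-Auth-Subject", c.Sub) // hypothetical header; overwrites any client-sent value
		next.ServeHTTP(w, r)
	})
}

func main() { http.ListenAndServe("localhost:9000", requireAuth([]byte("constructed-key"), http.NotFoundHandler())) }
```
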
   
   
   

