juzhiyuan commented on a change in pull request #1429: URL: https://github.com/apache/apisix-dashboard/pull/1429#discussion_r570734642
########## File path: api/internal/filter/authentication.go ########## 
@@ -45,50 +45,55 @@ func (mw *AuthenticationMiddleware) Handle(ctx droplet.Context) error {
 req := httpReq.(*http.Request)
- if req.URL.Path != "/apisix/admin/user/login" && strings.HasPrefix(req.URL.Path, "/apisix") {
- tokenStr := req.Header.Get("Authorization")
-
- // verify token
- token, err := jwt.ParseWithClaims(tokenStr, &jwt.StandardClaims{}, func(token *jwt.Token) (interface{}, error) {
- return []byte(conf.AuthConf.Secret), nil
- })
-
- // TODO: design the response error code
- response := data.Response{Code: 010013, Message: "request unauthorized"}
-
- if err != nil || token == nil || !token.Valid {
- log.Warnf("token validate failed: %s", err)
- ctx.SetOutput(&data.SpecCodeResponse{StatusCode: http.StatusUnauthorized, Response: response})
- return nil
- }
-
- claims, ok := token.Claims.(*jwt.StandardClaims)
- if !ok {
- log.Warnf("token validate failed: %s, %v", err, token.Valid)
- ctx.SetOutput(&data.SpecCodeResponse{StatusCode: http.StatusUnauthorized, Response: response})
- return nil
- }
-
- if err := token.Claims.Valid(); err != nil {
- log.Warnf("token claims validate failed: %s", err)
- ctx.SetOutput(&data.SpecCodeResponse{StatusCode: http.StatusUnauthorized, Response: response})
- return nil
- }
-
- if claims.Subject == "" {
- log.Warn("token claims subject empty")
- ctx.SetOutput(&data.SpecCodeResponse{StatusCode: http.StatusUnauthorized, Response: response})
- return nil
- }
-
- if _, ok := conf.UserList[claims.Subject]; !ok {
- log.Warnf("user not exists by token claims subject %s", claims.Subject)
- ctx.SetOutput(&data.SpecCodeResponse{StatusCode: http.StatusUnauthorized, Response: response})
- return nil
- }
+ if req.URL.Path == "/apisix/admin/tool/version" || req.URL.Path == "/apisix/admin/user/login" {
+ return mw.BaseMiddleware.Handle(ctx)
+ }
+ if !strings.HasPrefix(req.URL.Path, "/apisix") {
 return mw.BaseMiddleware.Handle(ctx)
 }
+ // Need check the auth header
+ tokenStr := req.Header.Get("Authorization")
+
+ // verify token
+ token, err := jwt.ParseWithClaims(tokenStr, &jwt.StandardClaims{}, func(token *jwt.Token) (interface{}, error) {
+ return []byte(conf.AuthConf.Secret), nil
+ })
+
+ // TODO: design the response error code
Review comment: Could you reference this PR with that issue? to prevent from missing this case.
----------------------------------------------------------------
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org