juzhiyuan commented on a change in pull request #1429:
URL: https://github.com/apache/apisix-dashboard/pull/1429#discussion_r570734642



##########
File path: api/internal/filter/authentication.go
##########
@@ -45,50 +45,55 @@ func (mw *AuthenticationMiddleware) Handle(ctx 
droplet.Context) error {
 
        req := httpReq.(*http.Request)
 
-       if req.URL.Path != "/apisix/admin/user/login" && 
strings.HasPrefix(req.URL.Path, "/apisix") {
-               tokenStr := req.Header.Get("Authorization")
-
-               // verify token
-               token, err := jwt.ParseWithClaims(tokenStr, 
&jwt.StandardClaims{}, func(token *jwt.Token) (interface{}, error) {
-                       return []byte(conf.AuthConf.Secret), nil
-               })
-
-               // TODO: design the response error code
-               response := data.Response{Code: 010013, Message: "request 
unauthorized"}
-
-               if err != nil || token == nil || !token.Valid {
-                       log.Warnf("token validate failed: %s", err)
-                       ctx.SetOutput(&data.SpecCodeResponse{StatusCode: 
http.StatusUnauthorized, Response: response})
-                       return nil
-               }
-
-               claims, ok := token.Claims.(*jwt.StandardClaims)
-               if !ok {
-                       log.Warnf("token validate failed: %s, %v", err, 
token.Valid)
-                       ctx.SetOutput(&data.SpecCodeResponse{StatusCode: 
http.StatusUnauthorized, Response: response})
-                       return nil
-               }
-
-               if err := token.Claims.Valid(); err != nil {
-                       log.Warnf("token claims validate failed: %s", err)
-                       ctx.SetOutput(&data.SpecCodeResponse{StatusCode: 
http.StatusUnauthorized, Response: response})
-                       return nil
-               }
-
-               if claims.Subject == "" {
-                       log.Warn("token claims subject empty")
-                       ctx.SetOutput(&data.SpecCodeResponse{StatusCode: 
http.StatusUnauthorized, Response: response})
-                       return nil
-               }
-
-               if _, ok := conf.UserList[claims.Subject]; !ok {
-                       log.Warnf("user not exists by token claims subject %s", 
claims.Subject)
-                       ctx.SetOutput(&data.SpecCodeResponse{StatusCode: 
http.StatusUnauthorized, Response: response})
-                       return nil
-               }
+       if req.URL.Path == "/apisix/admin/tool/version" || req.URL.Path == 
"/apisix/admin/user/login" {
+               return mw.BaseMiddleware.Handle(ctx)
+       }
 
+       if !strings.HasPrefix(req.URL.Path, "/apisix") {
                return mw.BaseMiddleware.Handle(ctx)
        }
 
+       // Need check the auth header
+       tokenStr := req.Header.Get("Authorization")
+
+       // verify token
+       token, err := jwt.ParseWithClaims(tokenStr, &jwt.StandardClaims{}, 
func(token *jwt.Token) (interface{}, error) {
+               return []byte(conf.AuthConf.Secret), nil
+       })
+
+       // TODO: design the response error code
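Review bot: The key callback passed to `jwt.ParseWithClaims` (the new lines under `// verify token`) hands back the HMAC secret for whatever `alg` the incoming token declares, without checking `token.Method`; pinning the method is the usual guard against algorithm-confusion and fits in the callback before the existing return: `if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok { return nil, errors.New("unexpected jwt signing method") }` (add the `errors` import if the file lacks it). The new early return also exempts `/apisix/admin/tool/version` from authentication alongside login; that is presumably intended so the UI can read the version before sign-in, but since whatever that handler returns is now reachable by anyone who can hit the API, the allow-list deserves a comment such as `// Unauthenticated allow-list: login must work without a token and /tool/version is deliberately public; keep this list minimal.` Handle starts before the hunk and its remaining checks (token validity, claims, user lookup) run past the end of it, so whether an empty Authorization header is still rejected after the parse error cannot be confirmed from here.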

Review comment:
       Could you reference this PR in that issue, so this case does not get missed?



