role panic check
John-Lin committed Oct 17, 2018
1 parent 2de0c9c commit 841e779
Showing 2 changed files with 17 additions and 12 deletions.
11 changes: 8 additions & 3 deletions src/server/route.go
Expand Up @@ -55,6 +55,8 @@ func newRegistryService(sp *serviceprovider.Container) *restful.WebService {
Consumes(restful.MIME_JSON, restful.MIME_JSON).
Produces(restful.MIME_JSON, restful.MIME_JSON)

webService.Filter(validateTokenMiddleware)

webService.Route(webService.POST("/auth").
Filter(guestRole).
To(handler.RESTfulServiceHandler(sp, registryBasicAuthHandler)))
Expand All @@ -74,12 +76,15 @@ func newUserService(sp *serviceprovider.Container) *restful.WebService {

// TODO only root role can access
webService.Route(webService.GET("/").
Filter(validateTokenMiddleware).
Filter(rootRole).
To(handler.RESTfulServiceHandler(sp, listUserHandler)))
webService.Route(webService.POST("/").
Filter(validateTokenMiddleware).
Filter(rootRole).
To(handler.RESTfulServiceHandler(sp, createUserHandler)))
webService.Route(webService.DELETE("/{id}").
Filter(validateTokenMiddleware).
Filter(rootRole).
To(handler.RESTfulServiceHandler(sp, deleteUserHandler)))

Expand Down Expand Up @@ -175,7 +180,7 @@ func newContainerService(sp *serviceprovider.Container) *restful.WebService {
Consumes(restful.MIME_JSON, restful.MIME_JSON).
Produces(restful.MIME_JSON, restful.MIME_JSON)

// webService.Filter(validateTokenMiddleware)
webService.Filter(validateTokenMiddleware)

webService.Route(webService.GET("/logs/{namespace}/{pod}/{container}").
Filter(guestRole).
Expand Down Expand Up @@ -215,12 +220,12 @@ func newPodService(sp *serviceprovider.Container) *restful.WebService {
func newDeploymentService(sp *serviceprovider.Container) *restful.WebService {
webService := new(restful.WebService)

webService.Filter(validateTokenMiddleware)

webService.Path("/v1/deployments").
Consumes(restful.MIME_JSON, restful.MIME_JSON).
Produces(restful.MIME_JSON, restful.MIME_JSON)

webService.Filter(validateTokenMiddleware)

webService.Route(webService.POST("/").
Filter(userRole).
To(handler.RESTfulServiceHandler(sp, createDeploymentHandler)))
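Review bot: In newUserService the token check is attached route by route (`Filter(validateTokenMiddleware)` on GET /, POST / and DELETE /{id}), whereas the other services in this file use a service-level `webService.Filter(validateTokenMiddleware)`, so any route added to this service later is unauthenticated unless its author remembers both filters. If some user routes must stay open (presumably sign-in or sign-up, not visible in this hunk), record that above the block, e.g. `// token filter is per-route here because <open routes> must stay unauthenticated; every other route needs validateTokenMiddleware before its role filter`, or move the protected routes into their own WebService with a service-level filter. The role filters read the "Role" request attribute, so the token filter has to stay ahead of them in the chain. The `// TODO only root role can access` comment looks stale now that rootRole is applied to these routes. All of the functions touched here begin or end outside the hunks shown.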
18 changes: 9 additions & 9 deletions src/server/route_filter.go
Expand Up @@ -51,11 +51,11 @@ func validateTokenMiddleware(req *restful.Request, resp *restful.Response, chain
}

func rootRole(req *restful.Request, resp *restful.Response, chain *restful.FilterChain) {
role := req.Attribute("Role").(string)
if role == entity.RootRole {
role, ok := req.Attribute("Role").(string)
if ok && role == entity.RootRole {
chain.ProcessFilter(req, resp)
} else {
log.Printf("User has no root role: Forbidden")
log.Printf("User role: %s has no root role: Forbidden", role)
resp.WriteHeaderAndEntity(http.StatusForbidden,
response.ActionResponse{
Error: true,
Expand All @@ -66,11 +66,11 @@ func rootRole(req *restful.Request, resp *restful.Response, chain *restful.Filte
}

func userRole(req *restful.Request, resp *restful.Response, chain *restful.FilterChain) {
role := req.Attribute("Role").(string)
if role == entity.RootRole || role == entity.UserRole {
role, ok := req.Attribute("Role").(string)
if ok && role == entity.RootRole || role == entity.UserRole {
chain.ProcessFilter(req, resp)
} else {
log.Printf("User has no user role: Forbidden")
log.Printf("User role: %s has no root role: Forbidden", role)
resp.WriteHeaderAndEntity(http.StatusForbidden,
response.ActionResponse{
Error: true,
Expand All @@ -81,11 +81,11 @@ func userRole(req *restful.Request, resp *restful.Response, chain *restful.Filte
}

func guestRole(req *restful.Request, resp *restful.Response, chain *restful.FilterChain) {
role := req.Attribute("Role").(string)
if role == entity.RootRole || role == entity.UserRole || role == entity.GuestRole {
role, ok := req.Attribute("Role").(string)
if ok && role == entity.RootRole || role == entity.UserRole || role == entity.GuestRole {
chain.ProcessFilter(req, resp)
} else {
log.Printf("User has no guest role: Forbidden")
log.Printf("User role: %s has no root role: Forbidden", role)
resp.WriteHeaderAndEntity(http.StatusForbidden,
response.ActionResponse{
Error: true,
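Review bot: In userRole and guestRole the new condition `ok && role == entity.RootRole || role == entity.UserRole` binds as `(ok && role == entity.RootRole) || role == entity.UserRole`, so `ok` guards only the first comparison. A failed assertion leaves `role` as the empty string, so the check denies access only as long as no role constant is ever empty. Group the comparisons instead: `if ok && (role == entity.RootRole || role == entity.UserRole) {`, and the same with `entity.GuestRole` added in guestRole. The deny log in both functions was also copied from rootRole and still reads "has no root role", which mislabels the failed check in the log trail; name the user or guest role there and print the value with `%q`, so a missing attribute shows up as `""`. The tail of each function lies outside the hunks shown.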
