-
Notifications
You must be signed in to change notification settings - Fork 313
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
refactor(gateway): authentication middlewares and context information #3736
Conversation
d69c044
to
e2b6bdd
Compare
Codecov ReportPatch coverage:
Additional details and impacted files@@ Coverage Diff @@
## master #3736 +/- ##
==========================================
+ Coverage 68.44% 68.64% +0.20%
==========================================
Files 337 344 +7
Lines 51602 51565 -37
==========================================
+ Hits 35320 35398 +78
+ Misses 14004 13885 -119
- Partials 2278 2282 +4
☔ View full report in Codecov by Sentry. |
b9f9c12
to
8529b33
Compare
@@ -124,42 +113,12 @@ func (webhook *HandleT) failRequest(w http.ResponseWriter, r *http.Request, reas | |||
} | |||
|
|||
func (webhook *HandleT) RequestHandler(w http.ResponseWriter, r *http.Request) { | |||
reqType := r.Context().Value(gwtypes.CtxParamCallType).(string) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am bit concerned with the usage of context values. Because of their impact in readability and losing compile time checks.
I need to dice deeper into the code to understand if we are able to avoid them and at what costs.
However, if we keep them I would suggest creating a function that takes a request as parameter and returns reqType.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If it helps, all code paths which are using context values are covered with tests and if improper usage was introduced, casting errors would be recorded.
6baeca0
to
a030a3e
Compare
01c8e8e
to
f43600c
Compare
Description
gateway
and propagating source authentication information in the request's context for subsequent handlers to use.Authorization
header and validates that the source is enabled.Authorization
header or as a query parameter and validates that the source is enabled and is of type webhook.X-Rudder-Source-Id
header and validates that the source is enabled.Authorization
headersourceID
or awriteKey
.Linear Ticket
Link
Security