Make mod self references actually self reference. (#1013)

* Make mod self references actually self reference. * Add basic log sanitization.
trimble-oss · Mar 27, 2024 · 5464b64 · 5464b64
1 parent e85d619
commit 5464b64
Show file tree

Hide file tree

Showing 6 changed files with 27 additions and 23 deletions.
diff --git a/atrium/go.mod b/atrium/go.mod
@@ -35,7 +35,7 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/apimanagement/armapimanagement/v2 v2.1.0
 	github.com/glycerine/bchan v0.0.0-20170210221909-ad30cd867e1c
 	github.com/go-git/go-billy/v5 v5.4.1
-	github.com/trimble-oss/tierceron v1.5.9
+	github.com/trimble-oss/tierceron v1.7.2
 	github.com/trimble-oss/tierceron-nute v1.0.0
 	k8s.io/api v0.26.1
 	k8s.io/apimachinery v0.26.1
@@ -242,7 +242,7 @@ replace github.com/dolthub/go-mysql-server => github.com/trimble-oss/go-mysql-se
 
 //replace github.com/trimble-oss/tierceron-nute => ../tierceron-nute
 
-// replace github.com/trimble-oss/tierceron => ../
+replace github.com/trimble-oss/tierceron => ../
 
 replace github.com/g3n/engine v0.2.0 => github.com/mrjrieke/engine v0.2.1-0.20220803142437-5cc7bcf0b99d
 

diff --git a/atrium/go.sum b/atrium/go.sum
@@ -839,8 +839,6 @@ github.com/trimble-oss/go-mysql-server v0.12.0-1.12 h1:J9AY0+pgdwiAScHH4Ggb7aNy7
 github.com/trimble-oss/go-mysql-server v0.12.0-1.12/go.mod h1:BWcyVjTqYp/wL9LYTRJ341vcOaJDaDRPldmyay0CbmU=
 github.com/trimble-oss/kubectl v0.0.5 h1:8faeUC0kYp4vvY7cbymrOehUm2bj74JU+s330CTJ3Pw=
 github.com/trimble-oss/kubectl v0.0.5/go.mod h1:V+ivAn0PvtBhgnjiBq1rk9EcijMNmAbD+Bc4SrMFP50=
-github.com/trimble-oss/tierceron v1.5.9 h1:uVW2y7n7kuIUowbW9j5PALlGJqcna28zRwdL9D053TM=
-github.com/trimble-oss/tierceron v1.5.9/go.mod h1:R0zqn+wYTWReaYqaHmeR1oAQ9sYqI/VrlY4URP1l4rA=
 github.com/trimble-oss/tierceron-hat v1.0.4 h1:1XBqYwcHhjptK3Q4kKmbkRTvJamfmhnrfyOYv6SB6Ic=
 github.com/trimble-oss/tierceron-hat v1.0.4/go.mod h1:tGBWlLEwe9A9JvWYqMkC9cHeWWqF0RWJ7wVtijuK8hE=
 github.com/trimble-oss/tierceron-nute v1.0.0 h1:dIG22CQN4pV/N7kjBPz0BrqKdDu94ZOxLuT4UqX4miU=

diff --git a/go.mod b/go.mod
@@ -36,7 +36,7 @@ require (
 	github.com/go-git/go-billy/v5 v5.4.1
 	github.com/graphql-go/graphql v0.8.1-0.20220614210743-09272f350067
 	github.com/trimble-oss/tierceron-hat v1.0.4
-	github.com/trimble-oss/tierceron/atrium v0.0.0-20240305174118-60239a804ed1
+	github.com/trimble-oss/tierceron/atrium v0.0.0-20240326213127-e85d6193e1c6
 )
 
 require (
@@ -111,4 +111,4 @@ require (
 
 replace github.com/dolthub/go-mysql-server => github.com/trimble-oss/go-mysql-server v0.12.0-1.21
 
-// replace github.com/trimble-oss/tierceron/atrium => ./atrium
+replace github.com/trimble-oss/tierceron/atrium => ./atrium
diff --git a/go.sum b/go.sum
@@ -452,8 +452,6 @@ github.com/trimble-oss/tierceron-nute v1.0.0 h1:dIG22CQN4pV/N7kjBPz0BrqKdDu94ZOx
 github.com/trimble-oss/tierceron-nute v1.0.0/go.mod h1:9d0O4NDikXUlHTTOMjIOONJ9JRqgI0c4BdD6icPtVBA=
 github.com/trimble-oss/tierceron-succinctly v0.0.0-20231202151147-a0fc3a0ba103 h1:pawnUESmxej0xrSStXI91vK9ryLWI4rFVDEJqy+pKHs=
 github.com/trimble-oss/tierceron-succinctly v0.0.0-20231202151147-a0fc3a0ba103/go.mod h1:pS2vkiPDNCOggDomTxvPTLucBOB/PdeOQWzLIHHjvu0=
-github.com/trimble-oss/tierceron/atrium v0.0.0-20240305174118-60239a804ed1 h1:/uRvJovuibMD5PPwR6SE/Zk2bdkMqB1GvzUpFWXk2/U=
-github.com/trimble-oss/tierceron/atrium v0.0.0-20240305174118-60239a804ed1/go.mod h1:GAKVSaqs60myBDmU2jj1Ld/TUc5VDD5iV05a79rfqoE=
 github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM=
 github.com/twitchtv/twirp v5.12.1+incompatible h1:UnrJ4Z8llkdjnQbLqJBWRBwaDGojBsU5lft3DrD/SvY=
 github.com/twitchtv/twirp v5.12.1+incompatible/go.mod h1:RRJoFSAmTEh2weEqWtpPE3vFK5YBhA6bqp2l1kfCC5A=

diff --git a/pkg/core/util/util.go b/pkg/core/util/util.go
@@ -440,3 +440,10 @@ func UncompressZipFile(filePath string) (bool, []error) {
 	}
 
 }
+
+func Sanitize(input interface{}) string {
+	if input == nil {
+		return ""
+	}
+	return strings.ReplaceAll(input.(string), "\n", "")
+}
diff --git a/trcweb/apiRouter/router.go b/trcweb/apiRouter/router.go
@@ -11,6 +11,7 @@ import (
 	"github.com/trimble-oss/tierceron/buildopts/coreopts"
 	"github.com/trimble-oss/tierceron/buildopts/memprotectopts"
 	"github.com/trimble-oss/tierceron/pkg/core"
+	"github.com/trimble-oss/tierceron/pkg/core/util"
 	eUtils "github.com/trimble-oss/tierceron/pkg/utils"
 	twp "github.com/trimble-oss/tierceron/trcweb/rpc/apinator"
 	"github.com/trimble-oss/tierceron/trcweb/server"
@@ -76,52 +77,52 @@ func authrouter(restHandler http.Handler, isAuth bool) *rtr.Router {
 						err = claims.Valid()
 						if err == nil { // Verify that token had valid issuing time/date
 							if claims["iss"] != "Viewpoint, Inc." { // Verify issuer
-								errMsg = "Invalid token issuer: " + claims["iss"].(string)
-								http.Error(w, errMsg, 401)
+								errMsg = fmt.Sprintf("Invalid token issuer: %s", util.Sanitize(claims["iss"]))
+								http.Error(w, errMsg, http.StatusUnauthorized)
 								s.Log.Println(errMsg)
 								return
 							} else if claims["aud"] != "Viewpoint Vault WebAPI" { // Verify audience
-								errMsg = "Token issued for different audience: " + claims["aud"].(string)
-								http.Error(w, errMsg, 401)
+								errMsg = fmt.Sprintf("Token issued for different audience: %s", util.Sanitize(claims["aud"]))
+								http.Error(w, errMsg, http.StatusUnauthorized)
 								s.Log.Println(errMsg)
 								return
 							}
 							// Output token info and pass request to twirp server
 							s.Log.SetPrefix("[INFO]")
-							s.Log.Printf("Request authorized for %v with ID %v\n", claims["name"], claims["sub"])
+							s.Log.Printf("Request authorized for %v with ID %v\n", util.Sanitize(claims["name"]), util.Sanitize(claims["sub"]))
 							ctx := r.Context()
 							restHandler.ServeHTTP(w, r.WithContext(context.WithValue(ctx, "user", claims["sub"])))
 							return
 						}
 						// Before issue time, after expiration, or before validity time
-						http.Error(w, err.Error(), 401)
-						s.Log.Printf("%d: %s", 401, err.Error())
+						http.Error(w, err.Error(), http.StatusUnauthorized)
+						s.Log.Printf("%d: %s", http.StatusUnauthorized, err.Error())
 						return
 					}
 					// Token claims not in json format
 					errMsg = "Format error with auth token claims"
-					http.Error(w, errMsg, 401)
+					http.Error(w, errMsg, http.StatusUnauthorized)
 
 					errMsg = eUtils.SanitizeForLogging(errMsg)
-					s.Log.Printf("%d: %s", 401, errMsg)
+					s.Log.Printf("%d: %s", http.StatusUnauthorized, errMsg)
 					return
 				}
 				// Error when parsing token. Pass back a generalized error for formatting
 				errMsg = "Invalid token: " + err.Error()
-				http.Error(w, errMsg, 401)
-				s.Log.Printf("%d: %s\n", 401, errMsg)
+				http.Error(w, errMsg, http.StatusUnauthorized)
+				s.Log.Printf("%d: %s\n", http.StatusUnauthorized, errMsg)
 				return
 			}
 			// Auth method passed but is not a bearer token
 			errMsg = "Invalid auth method " + splitAuth[0]
-			http.Error(w, errMsg, 401)
-			s.Log.Print(eUtils.SanitizeForLogging(fmt.Sprintf("%d: %s", 401, errMsg)))
+			http.Error(w, errMsg, http.StatusUnauthorized)
+			s.Log.Print(eUtils.SanitizeForLogging(fmt.Sprintf("%d: %s", http.StatusUnauthorized, errMsg)))
 			return
 		}
 		// No token to authenticate against
 		errMsg = "Missing auth token"
-		http.Error(w, errMsg, 401)
-		s.Log.Printf("%d: %s", 401, errMsg)
+		http.Error(w, errMsg, http.StatusUnauthorized)
+		s.Log.Printf("%d: %s", http.StatusUnauthorized, errMsg)
 		return
 
 	}