filter request for basic auth in integration mode

This commit is contained in:
Wenkai Yin 2017-07-03 17:58:36 +08:00
parent 3ebe1a824b
commit d2eb8fc8b6

View File

@ -126,11 +126,18 @@ func (b *basicAuthReqCtxModifier) Modify(ctx *beegoctx.Context) bool {
} }
log.Debug("got user information via basic auth") log.Debug("got user information via basic auth")
var securCtx security.Context
var pm projectmanager.ProjectManager
if config.WithAdmiral() {
// integration with admiral // integration with admiral
if config.WithAdmiral() {
// Can't get a token from Admiral's login API, we can only
// create a project manager with the token of the solution user.
// That way may cause some wrong permission promotion in some API
// calls, so we just handle the requests which are necessary
if !filterReq(ctx.Request) {
log.Debugf("basic auth is not supported for request %s %s, skip",
ctx.Request.Method, ctx.Request.URL.Path)
return false
}
authCtx, err := authcontext.Login(config.AdmiralClient, authCtx, err := authcontext.Login(config.AdmiralClient,
config.AdmiralEndpoint(), username, password) config.AdmiralEndpoint(), username, password)
if err != nil { if err != nil {
@ -139,10 +146,14 @@ func (b *basicAuthReqCtxModifier) Modify(ctx *beegoctx.Context) bool {
} }
log.Debug("using glocal project manager...") log.Debug("using glocal project manager...")
pm = config.GlobalProjectMgr pm := config.GlobalProjectMgr
log.Debug("creating admiral security context...") log.Debug("creating admiral security context...")
securCtx = admiral.NewSecurityContext(authCtx, pm) securCtx := admiral.NewSecurityContext(authCtx, pm)
} else {
setSecurCtxAndPM(ctx.Request, securCtx, pm)
return true
}
// standalone // standalone
user, err := auth.Login(models.AuthModel{ user, err := auth.Login(models.AuthModel{
Principal: username, Principal: username,
@ -157,16 +168,23 @@ func (b *basicAuthReqCtxModifier) Modify(ctx *beegoctx.Context) bool {
return false return false
} }
log.Debug("using local database project manager") log.Debug("using local database project manager")
pm = config.GlobalProjectMgr pm := config.GlobalProjectMgr
log.Debug("creating local database security context...") log.Debug("creating local database security context...")
securCtx = local.NewSecurityContext(user, pm) securCtx := local.NewSecurityContext(user, pm)
}
setSecurCtxAndPM(ctx.Request, securCtx, pm) setSecurCtxAndPM(ctx.Request, securCtx, pm)
return true return true
} }
func filterReq(req *http.Request) bool {
path := req.URL.Path
if path == "/api/projects" && req.Method == http.MethodPost ||
path == "/service/token" && req.Method == http.MethodGet {
return true
}
return false
}
type sessionReqCtxModifier struct{} type sessionReqCtxModifier struct{}
func (s *sessionReqCtxModifier) Modify(ctx *beegoctx.Context) bool { func (s *sessionReqCtxModifier) Modify(ctx *beegoctx.Context) bool {