srijeet0406 commented on code in PR #7282:
URL: https://github.com/apache/trafficcontrol/pull/7282#discussion_r1068733569
##########
traffic_ops/traffic_ops_golang/routing/middleware/wrappers.go:
##########
@@ -27,6 +27,7 @@ import (
"encoding/base64"
"errors"
"fmt"
+ "github.com/lestrrat-go/jwx/jwt"
Review Comment:
This is not sorted correctly.
##########
traffic_ops/traffic_ops_golang/routing/middleware/wrappers.go:
##########
@@ -188,19 +189,43 @@ func GetWrapAccessLog(secret string) Middleware {
}
}
+func getCookieToken(r *http.Request) string {
+ cookie, err := r.Cookie(tocookie.Name)
+ if err == nil && cookie != nil {
+ return cookie.Value
+ } else if r.Header.Get(rfc.Cookie) != "" &&
strings.Contains(r.Header.Get(rfc.Cookie), "access_token") {
Review Comment:
Could you make `access_token` into a constant?
##########
traffic_ops/traffic_ops_golang/routing/middleware/wrappers.go:
##########
@@ -188,19 +189,43 @@ func GetWrapAccessLog(secret string) Middleware {
}
}
+func getCookieToken(r *http.Request) string {
+ cookie, err := r.Cookie(tocookie.Name)
+ if err == nil && cookie != nil {
+ return cookie.Value
+ } else if r.Header.Get(rfc.Cookie) != "" &&
strings.Contains(r.Header.Get(rfc.Cookie), "access_token") {
+ cookie, err := r.Cookie("access_token")
+ if err == nil && cookie != nil {
+ decodedToken, err := jwt.Parse([]byte(cookie.Value))
+ if err == nil && cookie != nil {
+ return fmt.Sprintf("%s",
decodedToken.PrivateClaims()["mojoCookie"])
+ }
+ }
+ } else if r.Header.Get(rfc.Authorization) != "" &&
strings.Contains(r.Header.Get(rfc.Authorization), "Bearer") {
+ givenTokenSplit :=
strings.Split(r.Header.Get(rfc.Authorization), " ")
Review Comment:
Same for `Bearer`
##########
traffic_ops/traffic_ops_golang/tocookie/cookie.go:
##########
@@ -26,6 +26,9 @@ import (
const GeneratedByStr = "trafficcontrol-go-tocookie"
const Name = "mojolicious"
+const MojoCookie = "mojoCookie"
Review Comment:
Oh I see you already have the constants, just need to use them :)
##########
traffic_ops/traffic_ops_golang/routing/middleware/wrappers.go:
##########
@@ -188,19 +189,43 @@ func GetWrapAccessLog(secret string) Middleware {
}
}
+func getCookieToken(r *http.Request) string {
+ cookie, err := r.Cookie(tocookie.Name)
+ if err == nil && cookie != nil {
+ return cookie.Value
+ } else if r.Header.Get(rfc.Cookie) != "" &&
strings.Contains(r.Header.Get(rfc.Cookie), "access_token") {
+ cookie, err := r.Cookie("access_token")
+ if err == nil && cookie != nil {
+ decodedToken, err := jwt.Parse([]byte(cookie.Value))
+ if err == nil && cookie != nil {
+ return fmt.Sprintf("%s",
decodedToken.PrivateClaims()["mojoCookie"])
Review Comment:
Same for `mojoCookie`
##########
traffic_ops/traffic_ops_golang/routing/middleware/wrappers.go:
##########
@@ -188,19 +189,43 @@ func GetWrapAccessLog(secret string) Middleware {
}
}
+func getCookieToken(r *http.Request) string {
+ cookie, err := r.Cookie(tocookie.Name)
+ if err == nil && cookie != nil {
+ return cookie.Value
+ } else if r.Header.Get(rfc.Cookie) != "" &&
strings.Contains(r.Header.Get(rfc.Cookie), "access_token") {
+ cookie, err := r.Cookie("access_token")
+ if err == nil && cookie != nil {
+ decodedToken, err := jwt.Parse([]byte(cookie.Value))
+ if err == nil && cookie != nil {
+ return fmt.Sprintf("%s",
decodedToken.PrivateClaims()["mojoCookie"])
+ }
+ }
+ } else if r.Header.Get(rfc.Authorization) != "" &&
strings.Contains(r.Header.Get(rfc.Authorization), "Bearer") {
+ givenTokenSplit :=
strings.Split(r.Header.Get(rfc.Authorization), " ")
+ if len(givenTokenSplit) < 2 {
+ return ""
+ }
+ decodedToken, err := jwt.Parse([]byte(givenTokenSplit[1]))
+ if err == nil && decodedToken != nil {
+ return fmt.Sprintf("%s",
decodedToken.PrivateClaims()["mojoCookie"])
+ }
+ return givenTokenSplit[1]
+ }
+ return ""
+}
+
// WrapAccessLog takes the cookie secret and a http.Handler, and returns a
HandlerFunc which writes to the Access Log (which is the lib/go-log EventLog)
after the HandlerFunc finishes.
// This is not a Middleware, because it needs the secret as a parameter. For a
Middleware, see GetWrapAccessLog.
func WrapAccessLog(secret string, h http.Handler) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
var imsType = NONIMS
iw := &util.Interceptor{W: w}
user := "-"
- cookie, err := r.Cookie(tocookie.Name)
- if err == nil && cookie != nil {
- cookie, userErr, sysErr := tocookie.Parse(secret,
cookie.Value)
- if userErr == nil && sysErr == nil {
- user = cookie.AuthData
- }
+ cookieToken := getCookieToken(r)
+ cookie, userErr, sysErr := tocookie.Parse(secret, cookieToken)
+ if userErr == nil && sysErr == nil {
Review Comment:
We should probably log the errors here, in case they are not nil
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
