starsz commented on a change in pull request #1429:
URL: https://github.com/apache/apisix-dashboard/pull/1429#discussion_r570738755



##########
File path: api/internal/filter/authentication.go
##########
@@ -45,50 +45,55 @@ func (mw *AuthenticationMiddleware) Handle(ctx 
droplet.Context) error {
 
        req := httpReq.(*http.Request)
 
-       if req.URL.Path != "/apisix/admin/user/login" && 
strings.HasPrefix(req.URL.Path, "/apisix") {
-               tokenStr := req.Header.Get("Authorization")
-
-               // verify token
-               token, err := jwt.ParseWithClaims(tokenStr, 
&jwt.StandardClaims{}, func(token *jwt.Token) (interface{}, error) {
-                       return []byte(conf.AuthConf.Secret), nil
-               })
-
-               // TODO: design the response error code
-               response := data.Response{Code: 010013, Message: "request 
unauthorized"}
-
-               if err != nil || token == nil || !token.Valid {
-                       log.Warnf("token validate failed: %s", err)
-                       ctx.SetOutput(&data.SpecCodeResponse{StatusCode: 
http.StatusUnauthorized, Response: response})
-                       return nil
-               }
-
-               claims, ok := token.Claims.(*jwt.StandardClaims)
-               if !ok {
-                       log.Warnf("token validate failed: %s, %v", err, 
token.Valid)
-                       ctx.SetOutput(&data.SpecCodeResponse{StatusCode: 
http.StatusUnauthorized, Response: response})
-                       return nil
-               }
-
-               if err := token.Claims.Valid(); err != nil {
-                       log.Warnf("token claims validate failed: %s", err)
-                       ctx.SetOutput(&data.SpecCodeResponse{StatusCode: 
http.StatusUnauthorized, Response: response})
-                       return nil
-               }
-
-               if claims.Subject == "" {
-                       log.Warn("token claims subject empty")
-                       ctx.SetOutput(&data.SpecCodeResponse{StatusCode: 
http.StatusUnauthorized, Response: response})
-                       return nil
-               }
-
-               if _, ok := conf.UserList[claims.Subject]; !ok {
-                       log.Warnf("user not exists by token claims subject %s", 
claims.Subject)
-                       ctx.SetOutput(&data.SpecCodeResponse{StatusCode: 
http.StatusUnauthorized, Response: response})
-                       return nil
-               }
+       if req.URL.Path == "/apisix/admin/tool/version" || req.URL.Path == 
"/apisix/admin/user/login" {
+               return mw.BaseMiddleware.Handle(ctx)
+       }
 
+       if !strings.HasPrefix(req.URL.Path, "/apisix") {
                return mw.BaseMiddleware.Handle(ctx)
        }
 
+       // Need check the auth header
+       tokenStr := req.Header.Get("Authorization")
+
+       // verify token
+       token, err := jwt.ParseWithClaims(tokenStr, &jwt.StandardClaims{}, 
func(token *jwt.Token) (interface{}, error) {
+               return []byte(conf.AuthConf.Secret), nil
+       })
+
+       // TODO: design the response error code
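Review bot: The key func passed to `jwt.ParseWithClaims` at the end of the hunk hands back `conf.AuthConf.Secret` for every token without pinning the signing method, so the only thing rejecting a token that declares a different `alg` is library behaviour rather than this code. The usual guard is `if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok { return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"]) }` before returning the secret; it is three lines and makes the accepted algorithm explicit here rather than implicit. The new early-return for `/apisix/admin/tool/version` deliberately exposes that endpoint without a token, which is reasonable but should carry a comment such as `// version is intentionally unauthenticated (health/diagnostics); keep this list minimal` so later additions to the allowlist are reviewed with that in mind. Both path checks are exact-string matches on `req.URL.Path`, which is the safe choice; just be aware that anything the router normalises before this middleware runs (trailing slash, case) is not covered by this comparison. The `Handle` body continues past the end of the hunk, so the remaining claim checks were not reviewed here.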

Review comment:
       See the ISSUE: https://github.com/apache/apisix-dashboard/issues/758



