Posted to notifications@apisix.apache.org by ch...@apache.org on 2020/10/15 04:34:54 UTC

[apisix-dashboard] 01/02: fix auth bug

This is an automated email from the ASF dual-hosted git repository.

chenjunxu pushed a commit to branch refactor
in repository https://gitbox.apache.org/repos/asf/apisix-dashboard.git

commit 65ed6232fc86dc170dc44013f99dfe182b918f0e
Author: nic-chen <jo...@163.com>
AuthorDate: Thu Oct 15 12:10:15 2020 +0800

    fix auth bug
---
 api/conf/conf.go                             | 14 +++-----------
 api/filter/authentication.go                 |  2 +-
 api/internal/handler/service/service_test.go |  4 ++--
 3 files changed, 6 insertions(+), 14 deletions(-)

diff --git a/api/conf/conf.go b/api/conf/conf.go
index 66079b5..618274f 100644
--- a/api/conf/conf.go
+++ b/api/conf/conf.go
@@ -19,12 +19,13 @@ package conf
 import (
 	"fmt"
 	"io/ioutil"
-	"math/rand"
 	"os"
 	"path/filepath"
 	"runtime"
 
 	"github.com/tidwall/gjson"
+
+	"github.com/apisix/manager-api/internal/utils"
 )
 
 const ServerPort = 8080
@@ -138,15 +139,6 @@ func initApisix() {
 	}
 }
 
-func randomString(n int) string {
-	var letters = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")
-	b := make([]rune, n)
-	for i := range b {
-		b[i] = letters[rand.Intn(len(letters))]
-	}
-	return string(b)
-}
-
 func initAuthentication() {
 	filePath := configurationPath()
 	configurationContent, err := ioutil.ReadFile(filePath)
@@ -164,7 +156,7 @@ func initAuthentication() {
 	}
 	AuthenticationConfig.Session.Secret = configuration.Get("authentication.session.secret").String()
 	if "secret" == AuthenticationConfig.Session.Secret {
-		AuthenticationConfig.Session.Secret = randomString(10)
+		AuthenticationConfig.Session.Secret = utils.GetFlakeUidStr()
 	}
 
 	AuthenticationConfig.Session.ExpireTime = configuration.Get("authentication.session.expireTime").Uint()
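Review bot: The fallback on the `utils.GetFlakeUidStr()` line is still unlikely to be unpredictable: the helper's body is not visible here, but if, as its name suggests, it returns a flake-style ID derived from a timestamp, machine ID and sequence, the value can be guessed. This secret presumably signs the tokens checked in `api/filter/authentication.go`, so it should come from a CSPRNG, e.g. `b := make([]byte, 32)`, `if _, err := rand.Read(b); err != nil { panic(err) }` using `crypto/rand`, then `AuthenticationConfig.Session.Secret = hex.EncodeToString(b)`. The guard also matches only the literal default `"secret"`, so an empty or missing `authentication.session.secret` is accepted as-is; consider `if s := AuthenticationConfig.Session.Secret; s == "" || s == "secret" {`. A generated secret changes on every start and is not shared between instances, which deserves a comment next to the assignment. `initAuthentication` starts and ends outside this hunk.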
diff --git a/api/filter/authentication.go b/api/filter/authentication.go
index caebd9a..9928d2a 100644
--- a/api/filter/authentication.go
+++ b/api/filter/authentication.go
@@ -41,7 +41,7 @@ func Authentication() gin.HandlerFunc {
 				"message": "Request Unauthorized",
 			}
 
-			if err != nil {
+			if err != nil || !token.Valid {
 				c.AbortWithStatusJSON(http.StatusUnauthorized, errResp)
 				return
 			}
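Review bot: The operand order in `if err != nil || !token.Valid {` is load-bearing and should be commented, because short-circuiting is what keeps `token.Valid` from being read when the parser returns an error and possibly a nil token; suggest `// err first: token may be nil when parsing fails`. The parse call and its key function lie outside the hunk, so it cannot be confirmed from here that the expected signing algorithm is enforced before the key is returned; that is worth checking alongside this fix. The commit also adds no test for the rejected-token path in this filter (the only test file touched is a whitespace change), so a regression test that sends an invalid token and expects `http.StatusUnauthorized` would help.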
diff --git a/api/internal/handler/service/service_test.go b/api/internal/handler/service/service_test.go
index a433e80..0bf78eb 100644
--- a/api/internal/handler/service/service_test.go
+++ b/api/internal/handler/service/service_test.go
@@ -108,8 +108,8 @@ func TestService(t *testing.T) {
 	_, err = handler.Update(ctx)
 	assert.Nil(t, err)
 
-  //sleep
-  time.Sleep(time.Duration(100) * time.Millisecond)
+	//sleep
+	time.Sleep(time.Duration(100) * time.Millisecond)
 
 	//list
 	listInput := &ListInput{}