Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2021/02/05 04:41:47 UTC

[GitHub] [apisix-dashboard] starsz commented on a change in pull request #1429: fix: change the /version to /apisix/admin/tool/version

starsz commented on a change in pull request #1429:
URL: https://github.com/apache/apisix-dashboard/pull/1429#discussion_r570716382



##########
File path: api/internal/filter/authentication.go
##########
@@ -45,50 +45,55 @@ func (mw *AuthenticationMiddleware) Handle(ctx droplet.Context) error {
 
 	req := httpReq.(*http.Request)
 
-	if req.URL.Path != "/apisix/admin/user/login" && strings.HasPrefix(req.URL.Path, "/apisix") {
-		tokenStr := req.Header.Get("Authorization")
-
-		// verify token
-		token, err := jwt.ParseWithClaims(tokenStr, &jwt.StandardClaims{}, func(token *jwt.Token) (interface{}, error) {
-			return []byte(conf.AuthConf.Secret), nil
-		})
-
-		// TODO: design the response error code
-		response := data.Response{Code: 010013, Message: "request unauthorized"}
-
-		if err != nil || token == nil || !token.Valid {
-			log.Warnf("token validate failed: %s", err)
-			ctx.SetOutput(&data.SpecCodeResponse{StatusCode: http.StatusUnauthorized, Response: response})
-			return nil
-		}
-
-		claims, ok := token.Claims.(*jwt.StandardClaims)
-		if !ok {
-			log.Warnf("token validate failed: %s, %v", err, token.Valid)
-			ctx.SetOutput(&data.SpecCodeResponse{StatusCode: http.StatusUnauthorized, Response: response})
-			return nil
-		}
-
-		if err := token.Claims.Valid(); err != nil {
-			log.Warnf("token claims validate failed: %s", err)
-			ctx.SetOutput(&data.SpecCodeResponse{StatusCode: http.StatusUnauthorized, Response: response})
-			return nil
-		}
-
-		if claims.Subject == "" {
-			log.Warn("token claims subject empty")
-			ctx.SetOutput(&data.SpecCodeResponse{StatusCode: http.StatusUnauthorized, Response: response})
-			return nil
-		}
-
-		if _, ok := conf.UserList[claims.Subject]; !ok {
-			log.Warnf("user not exists by token claims subject %s", claims.Subject)
-			ctx.SetOutput(&data.SpecCodeResponse{StatusCode: http.StatusUnauthorized, Response: response})
-			return nil
-		}
+	if req.URL.Path == "/apisix/admin/tool/version" || req.URL.Path == "/apisix/admin/user/login" {
+		return mw.BaseMiddleware.Handle(ctx)
+	}
 
+	if !strings.HasPrefix(req.URL.Path, "/apisix") {
 		return mw.BaseMiddleware.Handle(ctx)
 	}
 
+	// Need check the auth header
+	tokenStr := req.Header.Get("Authorization")
+
+	// verify token
+	token, err := jwt.ParseWithClaims(tokenStr, &jwt.StandardClaims{}, func(token *jwt.Token) (interface{}, error) {
+		return []byte(conf.AuthConf.Secret), nil
+	})
+
+	// TODO: design the response error code
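Review bot: The two paths exempted from the token check at the top of the new branch are bare string literals with no comment recording why each one is safe to serve without a token, so a later maintainer cannot tell whether adding a third entry here needs a security review; I would hoist them into a named package-level set such as `publicPaths` with a one-line comment per entry and write the branch as `if _, public := publicPaths[req.URL.Path]; public { return mw.BaseMiddleware.Handle(ctx) }`. Exact equality on `req.URL.Path` is the right direction for an allowlist, since any prefix, suffix or case variant falls through to the token check, so the comparison itself should stay exact rather than become a prefix match. Separately, the keyfunc passed to `jwt.ParseWithClaims` returns the secret without inspecting `token.Method`; a `token.Method.(*jwt.SigningMethodHMAC)` type check before returning the key is the conventional guard, though with a `[]byte` key this is defence in depth rather than a demonstrated bypass. Handle's body continues past the end of the quoted hunk.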

Review comment:
       Yes. It's created already.



