Posted to commits@servicecomb.apache.org by GitBox <gi...@apache.org> on 2020/07/15 02:33:56 UTC

[GitHub] [servicecomb-service-center] humingcheng opened a new pull request #667: Change auth white list apis

humingcheng opened a new pull request #667:
URL: https://github.com/apache/servicecomb-service-center/pull/667


   Follow this checklist to help us incorporate your contribution quickly and easily:
   
    - [ ] Make sure there is a [JIRA issue](https://issues.apache.org/jira/browse/SCB) filed for the change (usually before you start working on it).  Trivial changes like typos do not require a JIRA issue.  Your pull request should address just this issue, without pulling in other changes.
    - [ ] Each commit in the pull request should have a meaningful subject line and body.
    - [ ] Format the pull request title like `[SCB-XXX] Fixes bug in ApproximateQuantiles`, where you replace `SCB-XXX` with the appropriate JIRA issue.
    - [ ] Write a pull request description that is detailed enough to understand what the pull request does, how, and why.
    - [ ] Run `go build` `go test` `go fmt` `go vet` to make sure basic checks pass. A more thorough check will be performed on your pull request automatically.
    - [ ] If this contribution is large, please file an Apache [Individual Contributor License Agreement](https://www.apache.org/licenses/icla.pdf).
   
   ---
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



[GitHub] [servicecomb-service-center] tianxiaoliang commented on a change in pull request #667: Change auth white list apis

Posted by GitBox <gi...@apache.org>.
tianxiaoliang commented on a change in pull request #667:
URL: https://github.com/apache/servicecomb-service-center/pull/667#discussion_r454772411



##########
File path: server/service/rbac/rbac.go
##########
@@ -66,7 +66,10 @@ func Init() {
 	}
 	readPrivateKey()
 	readPublicKey()
-	rbacframe.Add2WhiteAPIList("/health", "/version", "/v4/token")
+	rbacframe.Add2WhiteAPIList(
+		"/v4/:project/govern/microservices",
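
Review bot: Adding "/v4/:project/govern/microservices" to the white list on the first `+` entry exempts a governance route from authentication for whatever value `:project` takes. Nothing in the visible lines narrows the exemption to a method or caller, so please state in a comment above the call why this route must be reachable without a token, or keep it behind auth and have callers present one.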

Review comment:
       Also, the /v4/:project/govern/microservices API effectively exposes all microservices, which is actually a security vulnerability.







[GitHub] [servicecomb-service-center] humingcheng commented on a change in pull request #667: Change auth white list apis

Posted by GitBox <gi...@apache.org>.
humingcheng commented on a change in pull request #667:
URL: https://github.com/apache/servicecomb-service-center/pull/667#discussion_r454814857



##########
File path: server/service/rbac/rbac.go
##########
@@ -66,7 +66,10 @@ func Init() {
 	}
 	readPrivateKey()
 	readPublicKey()
-	rbacframe.Add2WhiteAPIList("/health", "/version", "/v4/token")
+	rbacframe.Add2WhiteAPIList(
+		"/v4/:project/govern/microservices",

Review comment:
       It takes effect; I added a test in the UT.







[GitHub] [servicecomb-service-center] humingcheng commented on a change in pull request #667: Change auth white list apis

Posted by GitBox <gi...@apache.org>.
humingcheng commented on a change in pull request #667:
URL: https://github.com/apache/servicecomb-service-center/pull/667#discussion_r454783333



##########
File path: server/service/rbac/rbac.go
##########
@@ -66,7 +66,10 @@ func Init() {
 	}
 	readPrivateKey()
 	readPublicKey()
-	rbacframe.Add2WhiteAPIList("/health", "/version", "/v4/token")
+	rbacframe.Add2WhiteAPIList(
+		"/v4/:project/govern/microservices",

Review comment:
       /version and /health are checked in one place here:
   https://github.com/apache/servicecomb-service-center/blob/ed18b91158a3306d8901829954024bad4d45dc8c/server/handler/context/context.go#L57-L66
   







[GitHub] [servicecomb-service-center] tianxiaoliang commented on a change in pull request #667: Change auth white list apis

Posted by GitBox <gi...@apache.org>.
tianxiaoliang commented on a change in pull request #667:
URL: https://github.com/apache/servicecomb-service-center/pull/667#discussion_r454769335



##########
File path: server/service/rbac/rbac.go
##########
@@ -66,7 +66,10 @@ func Init() {
 	}
 	readPrivateKey()
 	readPublicKey()
-	rbacframe.Add2WhiteAPIList("/health", "/version", "/v4/token")
+	rbacframe.Add2WhiteAPIList(
+		"/v4/:project/govern/microservices",
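
Review bot: The `-` line drops "/health", "/version" and "/v4/token" from the white list, and the visible part of the new call does not show any of them being re-added. If they are exempted somewhere else, say so in a comment at this call site; if "/v4/token" is the route that issues tokens it has to stay reachable without one, so a test that requests it unauthenticated after Init() would guard against a regression.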

Review comment:
       Why were version and health removed?







[GitHub] [servicecomb-service-center] tianxiaoliang commented on a change in pull request #667: Change auth white list apis

Posted by GitBox <gi...@apache.org>.
tianxiaoliang commented on a change in pull request #667:
URL: https://github.com/apache/servicecomb-service-center/pull/667#discussion_r454813702



##########
File path: server/service/rbac/rbac.go
##########
@@ -66,7 +66,10 @@ func Init() {
 	}
 	readPrivateKey()
 	readPublicKey()
-	rbacframe.Add2WhiteAPIList("/health", "/version", "/v4/token")
+	rbacframe.Add2WhiteAPIList(
+		"/v4/:project/govern/microservices",
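
Review bot: The new entry "/v4/:project/govern/microservices" carries a `:project` placeholder, while the entries on the removed line were all literal paths. Please confirm that the white-list lookup compares against the route pattern rather than the raw request path, and that the match is exact so that deeper paths under the same prefix are not exempted as well; a unit test using a concrete project value for both cases would settle it.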

Review comment:
       Are you sure this code takes effect? It shouldn't be able to skip authentication.







[GitHub] [servicecomb-service-center] tianxiaoliang merged pull request #667: Change auth white list apis

Posted by GitBox <gi...@apache.org>.
tianxiaoliang merged pull request #667:
URL: https://github.com/apache/servicecomb-service-center/pull/667


   

