Replace gRPC errors in business logic with internal ones (#558)

Misha Bragin
2022-11-11 20:36:45 +01:00
committed by GitHub
parent 1db4027bea
commit 509d23c7cf
35 changed files with 768 additions and 847 deletions


@@ -1,7 +1,8 @@
package middleware
import (
"fmt"
"github.com/netbirdio/netbird/management/server/http/util"
"github.com/netbirdio/netbird/management/server/status"
"net/http"
"github.com/netbirdio/netbird/management/server/jwtclaims"
@@ -33,14 +34,15 @@ func (a *AccessControl) Handler(h http.Handler) http.Handler {
ok, err := a.isUserAdmin(jwtClaims)
if err != nil {
http.Error(w, fmt.Sprintf("error get user from JWT: %v", err), http.StatusUnauthorized)
util.WriteError(status.Errorf(status.Unauthorized, "invalid JWT"), w)
return
}
if !ok {
switch r.Method {
case http.MethodDelete, http.MethodPost, http.MethodPatch, http.MethodPut:
http.Error(w, "user is not admin", http.StatusForbidden)
util.WriteError(status.Errorf(status.PermissionDenied, "only admin can perform this operation"), w)
return
}
}
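Review bot: In the `err != nil` branch of `Handler`, the error from `a.isUserAdmin(jwtClaims)` is now discarded. Returning the generic "invalid JWT" instead of echoing internal error text to the client is the right call, but nothing records the cause server-side, so failed admin checks cannot be investigated or alerted on. Log the error with the package's existing logger before the `util.WriteError(...)` call. The same applies to `OnError` in the JWT middleware hunk further down, which ignores its `err` argument and passes an empty message to `status.Errorf(status.Unauthorized, "")`; that file already imports `log`, so a line such as `log.Printf("JWT validation failed: %s", err)` would preserve the reason, provided the message never contains the token itself. Every `isUserAdmin` failure is also reported as an invalid token, so if it can fail for non-token reasons (it is not visible here) an internal status would be more accurate. `Handler`'s body starts and ends outside this hunk.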


@@ -7,12 +7,12 @@ import (
"net/http"
)
//Jwks is a collection of JSONWebKeys obtained from Config.HttpServerConfig.AuthKeysLocation
// Jwks is a collection of JSONWebKeys obtained from Config.HttpServerConfig.AuthKeysLocation
type Jwks struct {
Keys []JSONWebKeys `json:"keys"`
}
//JSONWebKeys is a representation of a Jason Web Key
// JSONWebKeys is a representation of a Jason Web Key
type JSONWebKeys struct {
Kty string `json:"kty"`
Kid string `json:"kid"`
@@ -22,7 +22,7 @@ type JSONWebKeys struct {
X5c []string `json:"x5c"`
}
//NewJwtMiddleware creates new middleware to verify the JWT token sent via Authorization header
// NewJwtMiddleware creates new middleware to verify the JWT token sent via Authorization header
func NewJwtMiddleware(issuer string, audience string, keysLocation string) (*JWTMiddleware, error) {
keys, err := getPemKeys(keysLocation)
@@ -66,7 +66,6 @@ func getPemKeys(keysLocation string) (*Jwks, error) {
var jwks = &Jwks{}
err = json.NewDecoder(resp.Body).Decode(jwks)
if err != nil {
return jwks, err
}


@@ -5,6 +5,8 @@ import (
"errors"
"fmt"
"github.com/golang-jwt/jwt"
"github.com/netbirdio/netbird/management/server/http/util"
"github.com/netbirdio/netbird/management/server/status"
"log"
"net/http"
"strings"
@@ -57,7 +59,7 @@ type JWTMiddleware struct {
}
func OnError(w http.ResponseWriter, r *http.Request, err string) {
http.Error(w, err, http.StatusUnauthorized)
util.WriteError(status.Errorf(status.Unauthorized, ""), w)
}
// New constructs a new Secure instance with supplied options.