jamesread 3 лет назад
Родитель
Сommit
e9fbcce220
2 измененных файлов с 23 добавлено и 13 удалено
  1. 17 11
      internal/acl/acl.go
  2. 6 2
      internal/httpservers/restapi.go

+ 17 - 11
internal/acl/acl.go

@@ -92,22 +92,28 @@ func buildUserAcls(cfg *config.Config, user *AuthenticatedUser) {
 	}
 }
 
+func isACLRelevant(cfg *config.Config, actionAcls []string, acl config.AccessControlList, user *AuthenticatedUser) bool {
+	if !slices.Contains(user.acls, acl.Name) {
+		return false
+	}
+
+	if acl.AddToEveryAction {
+		return true
+	}
+
+	if slices.Contains(actionAcls, acl.Name) {
+		return true
+	}
+
+	return false
+}
+
 func getRelevantAcls(cfg *config.Config, actionAcls []string, user *AuthenticatedUser) []*config.AccessControlList {
 	var ret []*config.AccessControlList
 
 	for _, acl := range cfg.AccessControlLists {
-		if !slices.Contains(user.acls, acl.Name) {
-			continue
-		}
-
-		if acl.AddToEveryAction {
-			ret = append(ret, &acl)
-			continue
-		}
-
-		if slices.Contains(actionAcls, acl.Name) {
+		if isACLRelevant(cfg, actionAcls, acl, user) {
 			ret = append(ret, &acl)
-			continue
 		}
 	}
 

+ 6 - 2
internal/httpservers/restapi.go

@@ -23,8 +23,8 @@ var (
 	cfg *config.Config
 )
 
-func getClaimsFromJwtToken(cookieValue string) (jwt.MapClaims, error) {
-	token, err := jwt.Parse(cookieValue, func(token *jwt.Token) (interface{}, error) {
+func parseToken(cookieValue string) (*jwt.Token, error) {
+	return jwt.Parse(cookieValue, func(token *jwt.Token) (interface{}, error) {
 		// Don't forget to validate the alg is what you expect:
 		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
 			return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
@@ -33,6 +33,10 @@ func getClaimsFromJwtToken(cookieValue string) (jwt.MapClaims, error) {
 		// hmacSampleSecret is a []byte containing your secret, e.g. []byte("my_secret_key")
 		return []byte(cfg.AuthJwtSecret), nil
 	})
+}
+
+func getClaimsFromJwtToken(cookieValue string) (jwt.MapClaims, error) {
+	token, err := parseToken(cookieValue)
 
 	if err != nil {
 		log.Errorf("jwt parse failure: %v", err)