From 744e9b72d8a3dbea5d6bfbea4febd4301ae21fd2 Mon Sep 17 00:00:00 2001 From: gioelecerati Date: Wed, 16 Aug 2023 17:01:36 +0200 Subject: [PATCH 1/3] auth: fix for usage per id --- api/authorization.go | 10 +++++++++- api/handler.go | 14 ++++++++++++++ 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/api/authorization.go b/api/authorization.go index ec6d2a1..713b79e 100644 --- a/api/authorization.go +++ b/api/authorization.go @@ -37,7 +37,8 @@ var ( Transport: promhttp.InstrumentRoundTripperDuration(authRequestDuration, http.DefaultTransport), } - userIdContextKey = &struct{}{} + userIdContextKey = &struct{}{} + isCallerAdminContextKey = "isCallerAdmin" ) func authorization(authUrl string) middleware { @@ -85,6 +86,13 @@ func authorization(authUrl string) middleware { if userID := authRes.Header.Get("X-Livepeer-User-Id"); userID != "" { ctx := context.WithValue(r.Context(), userIdContextKey, userID) + fmt.Sprintf("userIdContextKey=%s", userIdContextKey) + r = r.WithContext(ctx) + } + + if isCallerAdmin := authRes.Header.Get("X-Livepeer-Is-Caller-Admin"); isCallerAdmin != "" { + ctx := context.WithValue(r.Context(), isCallerAdminContextKey, isCallerAdmin) + fmt.Sprintf("isCallerAdminContextKey=%s", isCallerAdminContextKey) r = r.WithContext(ctx) } diff --git a/api/handler.go b/api/handler.go index 535c2aa..e8748ce 100644 --- a/api/handler.go +++ b/api/handler.go @@ -320,6 +320,20 @@ func (h *apiHandler) queryUsage() http.HandlerFunc { return } + isCallerAdmin, ok := r.Context().Value(isCallerAdminContextKey).(string) + + if qs := r.URL.Query(); qs.Has("userId") { + if !ok { + respondError(rw, http.StatusInternalServerError, errors.New("request not authenticated - cannot retrieve usage for other users")) + return + } + if isCallerAdmin != "true" { + respondError(rw, http.StatusForbidden, errors.New("only admins can query usage for other users")) + return + } + userId = qs.Get("userId") + } + qs := r.URL.Query() creatorId := qs.Get("creatorId") 
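Review bot: The new isCallerAdminContextKey in the var block is stored only when the auth service's X-Livepeer-Is-Caller-Admin response header is non-empty and carries the header's raw string, but neither the key nor that contract is documented for the handler that later reads it (handler.go in this patch compares the value against the literal "true"). Suggest a comment on the key: `// isCallerAdminContextKey holds the raw X-Livepeer-Is-Caller-Admin value returned by the auth service; it is absent from the context when the header is missing, and the usage handler treats only the literal "true" as admin.` The plain-string key and the unused fmt.Sprintf results in this hunk are already addressed by patches 2/3 and 3/3 of this series. The enclosing authorization middleware continues outside the hunk.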
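Review bot: In queryUsage, a missing admin flag in the request context is answered with a 500 "request not authenticated" when userId is supplied, yet the middleware in this same patch sets isCallerAdminContextKey only when X-Livepeer-Is-Caller-Admin is present, so an authenticated non-admin caller reaches the `!ok` branch and gets a server error instead of the 403 the following check was written for. Drop the `!ok` branch and take the value with `isCallerAdmin, _ := r.Context().Value(isCallerAdminContextKey).(string)`, so that the existing `isCallerAdmin != "true"` check covers both the absent and the non-"true" case and still fails closed with StatusForbidden. `qs.Has("userId")` is also true for `?userId=`, in which case `qs.Get` assigns an empty string to userId; whether an empty id is meaningful to the usage query is not visible from this hunk, so if it is not, reject it here rather than pass it on. queryUsage and the declaration of userId both begin outside the hunk.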
From 82547a8c52928d0e791377a692142b5c64a4c410 Mon Sep 17 00:00:00 2001 From: gioelecerati Date: Wed, 16 Aug 2023 17:04:23 +0200 Subject: [PATCH 2/3] auth: specified type --- api/authorization.go | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/api/authorization.go b/api/authorization.go index 713b79e..265610e 100644 --- a/api/authorization.go +++ b/api/authorization.go @@ -37,10 +37,14 @@ var ( Transport: promhttp.InstrumentRoundTripperDuration(authRequestDuration, http.DefaultTransport), } - userIdContextKey = &struct{}{} - isCallerAdminContextKey = "isCallerAdmin" + userIdContextKey = &contextKeys{"userId"} + isCallerAdminContextKey = &contextKeys{"isCallerAdmin"} ) +type contextKeys struct { + str string +} + func authorization(authUrl string) middleware { return inlineMiddleware(func(rw http.ResponseWriter, r *http.Request, next http.Handler) { ctx, cancel := context.WithTimeout(r.Context(), authTimeout) From 266ce5d39829330dd9afd2d044eaac76f934264c Mon Sep 17 00:00:00 2001 From: gioelecerati Date: Thu, 17 Aug 2023 05:26:30 +0200 Subject: [PATCH 3/3] removed logs --- api/authorization.go | 2 -- 1 file changed, 2 deletions(-) diff --git a/api/authorization.go b/api/authorization.go index 265610e..960f20c 100644 --- a/api/authorization.go +++ b/api/authorization.go @@ -90,13 +90,11 @@ func authorization(authUrl string) middleware { if userID := authRes.Header.Get("X-Livepeer-User-Id"); userID != "" { ctx := context.WithValue(r.Context(), userIdContextKey, userID) - fmt.Sprintf("userIdContextKey=%s", userIdContextKey) r = r.WithContext(ctx) } if isCallerAdmin := authRes.Header.Get("X-Livepeer-Is-Caller-Admin"); isCallerAdmin != "" { ctx := context.WithValue(r.Context(), isCallerAdminContextKey, isCallerAdmin) - fmt.Sprintf("isCallerAdminContextKey=%s", isCallerAdminContextKey) r = r.WithContext(ctx) }
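Review bot: The new key type is named in the plural, contextKeys, while each value is a single key, and the type carries no doc comment explaining why the keys are pointers to it. `contextKey` reads better, and a comment such as `// contextKey is the unexported type behind the package-level request-context keys; each key is compared by pointer identity, so the str field only labels the key.` would document the intent. The str field is not read anywhere in this series, so the "label only" part is an inference worth confirming. The var block and the new type are complete within the hunk.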