From ccc99a49a07da43f6de46c90b2e95a866b597f43 Mon Sep 17 00:00:00 2001 From: Ishika_Gopie Date: Mon, 18 Mar 2024 13:51:52 -0400 Subject: [PATCH 1/3] feature WS-579: added log lines to the auth initializer * made it so that the auth initializer would check if a user is nil first before adding it to the policy --- controllers/rest/operation_initializers.go | 34 +++++++++++++++------- 1 file changed, 24 insertions(+), 10 deletions(-) diff --git a/controllers/rest/operation_initializers.go b/controllers/rest/operation_initializers.go index a4fb2875..92924cb4 100644 --- a/controllers/rest/operation_initializers.go +++ b/controllers/rest/operation_initializers.go @@ -18,7 +18,7 @@ import ( "strings" ) -//ContextInitializer add context middleware to path +// ContextInitializer add context middleware to path func ContextInitializer(ctxt context.Context, api Container, path string, method string, swagger *openapi3.Swagger, pathItem *openapi3.PathItem, operation *openapi3.Operation) (context.Context, error) { middlewares := GetOperationMiddlewares(ctxt) contextMiddleware, err := api.GetMiddleware("Context") 
@@ -30,12 +30,18 @@ func ContextInitializer(ctxt context.Context, api Container, path string, method return ctxt, nil } -//AuthorizationInitializer setup authorization +// AuthorizationInitializer setup authorization func AuthorizationInitializer(ctxt context.Context, tapi Container, path string, method string, swagger *openapi3.Swagger, pathItem *openapi3.PathItem, operation *openapi3.Operation) (context.Context, error) { if authRaw, ok := operation.Extensions[AuthorizationConfigExtension]; ok { var enforcer *casbin.Enforcer var err error + //get default logger + log, err := tapi.GetLog("Default") + if err != nil { + return ctxt, err + } + //update path so that the open api way of specifying url parameters is change to wildcards. This is to support the casbin policy //note ideal we would use the open api way of specifying url parameters but this is not supported by casbin re := regexp.MustCompile(`\{([a-zA-Z0-9\-_]+?)\}`) @@ -78,10 +84,14 @@ m = r.sub == p.sub && keyMatch(r.obj, p.obj) && regexMatch(r.act, p.act) //setup users if u, ok := allowRules.(map[string]interface{})["users"]; ok { for _, user := range u.([]interface{}) { + if user == nil { + log.Warnf("user is nil on path '%s' for method '%s'", path, method) + continue + } var success bool success, err = enforcer.AddPolicy(user.(string), path, method) if !success { - //TODO show warning to developer or something + log.Warnf("unable to add policy for user '%s' on path '%s' for method '%s'", user, path, method) } } } 
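Review bot: The nil guard added to the users loop covers only one of the values that make `user.(string)` panic; any non-string entry in the `users` list (a number or a nested map in the spec, for example) still reaches the unchecked assertion. A comma-ok assertion handles both cases: `name, ok := user.(string)` followed by `if !ok { log.Warnf("skipping non-string user entry on path '%s' for method '%s'", path, method); continue }`, then pass `name` to `AddPolicy`. The same applies to the roles loop in the next hunk (`@@ -89,9 +99,13 @@`) and to the unchecked `u.([]interface{})` on the enclosing `for` line. The body of AuthorizationInitializer starts and ends outside this hunk.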
@@ -89,9 +99,13 @@ m = r.sub == p.sub && keyMatch(r.obj, p.obj) && regexMatch(r.act, p.act) if u, ok := allowRules.(map[string]interface{})["roles"]; ok { for _, user := range u.([]interface{}) { var success bool + if user == nil { + log.Warnf("user is nil on path '%s' for method '%s'", path, method) + continue + } success, err = enforcer.AddPolicy(user.(string), path, method) if !success { - //TODO show warning to developer or something + log.Warnf("unable to add policy for role '%s' on path '%s' for method '%s'", user, path, method) } } } @@ -102,7 +116,7 @@ m = r.sub == p.sub && keyMatch(r.obj, p.obj) && regexMatch(r.act, p.act) return ctxt, nil } -//EntityRepositoryInitializer setups the EntityFactory for a specific route +// EntityRepositoryInitializer setups the EntityFactory for a specific route func EntityRepositoryInitializer(ctxt context.Context, api Container, path string, method string, swagger *openapi3.Swagger, pathItem *openapi3.PathItem, operation *openapi3.Operation) (context.Context, error) { jsonSchema := operation.ExtensionProps.Extensions[SchemaExtension] if jsonSchema != nil { @@ -218,7 +232,7 @@ func EntityRepositoryInitializer(ctxt context.Context, api Container, path strin return ctxt, nil } -//UserDefinedInitializer adds user defined middleware, controller, command dispatchers and event store to the initialize context +// UserDefinedInitializer adds user defined middleware, controller, command dispatchers and event store to the initialize context func UserDefinedInitializer(ctxt context.Context, tapi Container, path string, method string, swagger *openapi3.Swagger, pathItem *openapi3.PathItem, operation *openapi3.Operation) (context.Context, error) { api := tapi.(*RESTAPI) //if the controller extension is set then add controller to the context 
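Review bot: The warning added to the roles loop reads `user is nil`, so a nil entry under `roles` is logged as if it came from the `users` list, and anyone auditing the authorization config from the log is pointed at the wrong list. Suggest `log.Warnf("role is nil on path '%s' for method '%s'", path, method)`; renaming the loop variable from `user` to `role` would keep the two loops distinguishable. The loop sits inside AuthorizationInitializer, whose body extends beyond this hunk.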
@@ -318,7 +332,7 @@ func UserDefinedInitializer(ctxt context.Context, tapi Container, path string, m return ctxt, nil } -//StandardInitializer adds standard controller and middleware if not already setup +// StandardInitializer adds standard controller and middleware if not already setup func StandardInitializer(ctxt context.Context, tapi Container, path string, method string, swagger *openapi3.Swagger, pathItem *openapi3.PathItem, operation *openapi3.Operation) (context.Context, error) { api := tapi.(*RESTAPI) if GetOperationController(ctxt) == nil { @@ -625,7 +639,7 @@ func StandardInitializer(ctxt context.Context, tapi Container, path string, meth return ctxt, nil } -//RouteInitializer creates route using information in the initialization context +// RouteInitializer creates route using information in the initialization context func RouteInitializer(ctxt context.Context, tapi Container, path string, method string, swagger *openapi3.Swagger, pathItem *openapi3.PathItem, operation *openapi3.Operation) (context.Context, error) { var err error @@ -761,7 +775,7 @@ func GetOperationProjections(ctx context.Context) []model.Projection { return nil } -//GetEntityRepository get the configured event factory from the context +// GetEntityRepository get the configured event factory from the context func GetEntityRepository(ctx context.Context) model.EntityRepository { if value, ok := ctx.Value(weoscontext.ENTITY_REPOSITORY).(model.EntityRepository); ok { return value @@ -769,7 +783,7 @@ func GetEntityRepository(ctx context.Context) model.EntityRepository { return nil } -//GetSchemaBuilders get a map of the dynamic struct builders for the schemas from the context +// GetSchemaBuilders get a map of the dynamic struct builders for the schemas from the context func GetSchemaBuilders(ctx context.Context) map[string]ds.Builder { if value, ok := ctx.Value(weoscontext.SCHEMA_BUILDERS).(map[string]ds.Builder); ok { return value 
From fc450958c73090b1ab875cef2becf169c2b9827c Mon Sep 17 00:00:00 2001 From: Ishika_Gopie Date: Mon, 18 Mar 2024 14:05:47 -0400 Subject: [PATCH 2/3] feature WS-579: added log lines to the auth initializer * made it so that the auth initializer would check if a user is nil first before adding it to the policy --- controllers/rest/operation_initializers.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/controllers/rest/operation_initializers.go b/controllers/rest/operation_initializers.go index 92924cb4..10ccf496 100644 --- a/controllers/rest/operation_initializers.go +++ b/controllers/rest/operation_initializers.go @@ -91,7 +91,7 @@ m = r.sub == p.sub && keyMatch(r.obj, p.obj) && regexMatch(r.act, p.act) var success bool success, err = enforcer.AddPolicy(user.(string), path, method) if !success { - log.Warnf("unable to add policy for user '%s' on path '%s' for method '%s'", user, path, method) + //TODO show warning to developer or something } } } @@ -105,7 +105,7 @@ m = r.sub == p.sub && keyMatch(r.obj, p.obj) && regexMatch(r.act, p.act) } success, err = enforcer.AddPolicy(user.(string), path, method) if !success { - log.Warnf("unable to add policy for role '%s' on path '%s' for method '%s'", user, path, method) + //TODO show warning to developer or something } } } From 8bf266969f2721871be7dee549f5df9b0ed1a14d Mon Sep 17 00:00:00 2001 From: Ishika_Gopie Date: Mon, 18 Mar 2024 15:02:45 -0400 Subject: [PATCH 3/3] feature WS-579: added panic handling to the auth initializer --- controllers/rest/operation_initializers.go | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/controllers/rest/operation_initializers.go b/controllers/rest/operation_initializers.go index 10ccf496..45defee1 100644 --- a/controllers/rest/operation_initializers.go +++ b/controllers/rest/operation_initializers.go @@ -15,6 +15,7 @@ import ( "golang.org/x/net/context" "net/http" "regexp" + "runtime/debug" "strings" ) 
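Review bot: With the warnings replaced by the TODO again in both loops (`@@ -91,7 +91,7 @@` and `@@ -105,7 +105,7 @@`), a failed `enforcer.AddPolicy` leaves no trace, and the `err` it returns is assigned but not checked anywhere in the visible lines. For an authorization initializer that means a route can come up with an incomplete allow list and nothing in the log to explain the resulting denials. casbin's `AddPolicy` also returns false when the rule already exists, so `!success` alone is a noisy signal; checking the error is the sharper test, e.g. `if err != nil { return ctxt, err }` right after the call. Both loops continue outside these hunks.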
@@ -42,6 +43,12 @@ func AuthorizationInitializer(ctxt context.Context, tapi Container, path string, return ctxt, err } + defer func() { + if err1 := recover(); err1 != nil { + log.Error("panic occurred ", string(debug.Stack())) + } + }() + //update path so that the open api way of specifying url parameters is change to wildcards. This is to support the casbin policy //note ideal we would use the open api way of specifying url parameters but this is not supported by casbin re := regexp.MustCompile(`\{([a-zA-Z0-9\-_]+?)\}`)
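Review bot: The deferred `recover()` logs the stack and then lets AuthorizationInitializer return normally; because the results are unnamed, the caller receives the zero values, a nil context and a nil error, so a panic while building the policy is reported as a successful initialization. What the caller does with that result is not visible here, but an authorization setup step should fail closed. Naming the results, e.g. `(out context.Context, initErr error)`, and adding `out, initErr = ctxt, fmt.Errorf("authorization initializer panicked on %s %s: %v", method, path, err1)` inside the recover branch would surface it (`fmt` has to be imported if it is not already). The recovered value `err1` is also worth passing to `log.Error`, which currently prints only the stack. The function signature lies outside this hunk.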