cloudapi: add EnsureJobChannel() middleware to verify job channel
Add `EnsureJobChannel()` middleware method, intended for `compose/<id>` endpoints. Its purpose is to ensure that the tenant channel set in the request `echo.Context` matches the tenant channel associated with the compose. In case of mismatch, `404` is returned. Add `JobChannel()` method to the worker server implementation for requesting channel associated with the job.
This commit is contained in:
Tomas Hozza
Tom Gundersen
parent
c5e1c15cca
commit
fc7d090498
2 changed files with 37 additions and 0 deletions
|
|
@ -1,7 +1,10 @@
|
|||
package v2
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
|
||||
"github.com/getkin/kin-openapi/openapi3filter"
|
||||
"github.com/google/uuid"
|
||||
"github.com/labstack/echo/v4"
|
||||
"github.com/osbuild/osbuild-composer/internal/auth"
|
||||
)
|
||||
|
|
@ -21,6 +24,35 @@ func (s *Server) getTenantChannel(ctx echo.Context) (string, error) {
|
|||
return channel, nil
|
||||
}
|
||||
|
||||
type ComposeHandlerFunc func(ctx echo.Context, id string) error
|
||||
|
||||
// Ensures that the job's channel matches the JWT cannel set in the echo.Context
|
||||
func (s *Server) EnsureJobChannel(next ComposeHandlerFunc) ComposeHandlerFunc {
|
||||
return func(c echo.Context, id string) error {
|
||||
jobId, err := uuid.Parse(id)
|
||||
if err != nil {
|
||||
return HTTPError(ErrorInvalidComposeId)
|
||||
}
|
||||
|
||||
ctxChannel, err := s.getTenantChannel(c)
|
||||
if err != nil {
|
||||
return HTTPErrorWithInternal(ErrorTenantNotFound, err)
|
||||
}
|
||||
|
||||
jobChannel, err := s.workers.JobChannel(jobId)
|
||||
if err != nil {
|
||||
fmt.Println(err)
|
||||
return HTTPErrorWithInternal(ErrorComposeNotFound, err)
|
||||
}
|
||||
|
||||
if jobChannel != ctxChannel {
|
||||
return HTTPError(ErrorComposeNotFound)
|
||||
}
|
||||
|
||||
return next(c, id)
|
||||
}
|
||||
}
|
||||
|
||||
func (s *Server) ValidateRequest(next echo.HandlerFunc) echo.HandlerFunc {
|
||||
return func(c echo.Context) error {
|
||||
request := c.Request()
|
||||
|
|
|
|||
|
|
@ -410,6 +410,11 @@ func (s *Server) OSBuildKojiJob(id uuid.UUID, job *OSBuildKojiJob) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
func (s *Server) JobChannel(id uuid.UUID) (string, error) {
|
||||
_, _, _, channel, err := s.jobs.Job(id)
|
||||
return channel, err
|
||||
}
|
||||
|
||||
// JobType returns the type of the job
|
||||
func (s *Server) JobType(id uuid.UUID) (string, error) {
|
||||
jobType, _, _, _, err := s.jobs.Job(id)
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue