Inception using Api Keys by config#34
Conversation
| return func(next box.H) box.H { | ||
| return func(ctx context.Context) { | ||
|
|
||
| if apiKey == "" && apiSecret == "" { |
There was a problem hiding this comment.
Why letting the user pass if no credentials?
There was a problem hiding this comment.
If InceptionDB has been started without api-key then we let the user continue. Some other system will take care of this, or it is a none credentials needed scenario (testing).
It is not mandatory, as it is not in the current version.
api/0_interceptors.go
Outdated
| if key != apiKey || secret != apiSecret { | ||
| w := box.GetResponse(ctx) | ||
| w.WriteHeader(http.StatusUnauthorized) | ||
| PrettyError{ |
There was a problem hiding this comment.
No need to marshal and return response at this point. The error should be set (box SetError) so that anyone can marshal in other formats (html, json, xml...)
| }) | ||
| } | ||
|
|
||
| func (p PrettyError) MarshalTo(w io.Writer) error { |
| e.Encode(c) | ||
| } | ||
|
|
||
| if c.ApiKey == "" || c.ApiSecret == "" { |
There was a problem hiding this comment.
I wouldnt put a warning, just a log saying Auth: disabled or enabled
| WithActions( | ||
| box.Get(statics.ServeStatics(staticsDir)).WithName("serveStatics"), | ||
| ) | ||
| if !hideUI { |
There was a problem hiding this comment.
Why hiding UI? Maybe we should allow to introduce input api-key/api-secret from the UI
There was a problem hiding this comment.
It is done as well.
alfonsocantos
left a comment
alfonsocantos
left a comment
There was a problem hiding this comment.
I have done some of the comments.
| return func(next box.H) box.H { | ||
| return func(ctx context.Context) { | ||
|
|
||
| if apiKey == "" && apiSecret == "" { |
There was a problem hiding this comment.
If InceptionDB has been started without api-key then we let the user continue. Some other system will take care of this, or it is a none credentials needed scenario (testing).
It is not mandatory, as it is not in the current version.
| }) | ||
| } | ||
|
|
||
| func (p PrettyError) MarshalTo(w io.Writer) error { |
| WithActions( | ||
| box.Get(statics.ServeStatics(staticsDir)).WithName("serveStatics"), | ||
| ) | ||
| if !hideUI { |
There was a problem hiding this comment.
It is done as well.
|
Fixing Unauthorized Error in progress... |
|
done ... I guess |
2 participants
No description provided.