From 73039cc4deb732a28efae65e3fe22d677c9494a2 Mon Sep 17 00:00:00 2001 From: Francesco Ilario Date: Thu, 29 Aug 2024 10:18:55 +0200 Subject: [PATCH] use unsecured in ensureUserIsNotBanned Middleware Signed-off-by: Francesco Ilario --- pkg/proxy/proxy.go | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/pkg/proxy/proxy.go b/pkg/proxy/proxy.go index 906fbbb8..e1529b27 100644 --- a/pkg/proxy/proxy.go +++ b/pkg/proxy/proxy.go @@ -119,6 +119,7 @@ func (p *Proxy) StartProxy(port string) *http.Server { return next(ctx) } }, + p.ensureUserIsNotBanned(), ) // middleware after routing @@ -138,7 +139,7 @@ func (p *Proxy) StartProxy(port string) *http.Server { ) // routes - wg := router.Group("/apis/toolchain.dev.openshift.com/v1alpha1/workspaces", p.ensureUserIsNotBanned()) + wg := router.Group("/apis/toolchain.dev.openshift.com/v1alpha1/workspaces") // Space lister routes wg.GET("/:workspace", handlers.HandleSpaceGetRequest(p.spaceLister, p.getMembersFunc)) wg.GET("", handlers.HandleSpaceListRequest(p.spaceLister)) @@ -158,7 +159,7 @@ func (p *Proxy) StartProxy(port string) *http.Server { router.Any(fmt.Sprintf("%s*", openidAuthEndpoint()), p.openidAuth) // <- this is the step 5 in the flow above router.Any(fmt.Sprintf("%s*", authEndpoint), p.auth) // <- this is the step 7. // The main proxy route - router.Any("/*", p.handleRequestAndRedirect, p.ensureUserIsNotBanned()) + router.Any("/*", p.handleRequestAndRedirect) // Insert the CORS preflight middleware handler := corsPreflightHandler(router) @@ -409,6 +410,10 @@ func (p *Proxy) addUserContext() echo.MiddlewareFunc { func (p *Proxy) ensureUserIsNotBanned() echo.MiddlewareFunc { return func(next echo.HandlerFunc) echo.HandlerFunc { return func(ctx echo.Context) error { + if unsecured(ctx) { // skip only for unsecured endpoints + return next(ctx) + } + errorResponse := func(err *crterrors.Error) error { ctx.Logger().Error(errs.Wrap(err, "workspace list error")) ctx.Response().Writer.Header().Set("Content-Type", "application/json")