feat: Add wildcard auth middleware paths (#24)

* chore: add concurrent route health check requests * feat: Add wildcard auth middleware paths * fix: bind privileged port permission denied on Kubernetes for nonroot user
2024-11-02 11:55:37 +01:00
parent 778a098bdc
commit fe81ac7324
14 changed files with 243 additions and 17 deletions
--- a/pkg/middleware/access-middleware.go
+++ b/pkg/middleware/access-middleware.go
@@ -30,13 +30,13 @@ func (blockList AccessListMiddleware) AccessMiddleware(next http.Handler) http.H
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		for _, block := range blockList.List {
 			if isPathBlocked(r.URL.Path, util.ParseURLPath(blockList.Path+block)) {
-				logger.Debug("%s: %s access forbidden", getRealIP(r), r.URL.Path)
+				logger.Error("%s: %s access forbidden", getRealIP(r), r.URL.Path)
 				w.Header().Set("Content-Type", "application/json")
-				w.WriteHeader(http.StatusNotFound)
+				w.WriteHeader(http.StatusForbidden)
 				err := json.NewEncoder(w).Encode(ProxyResponseError{
 					Success: false,
-					Code:    http.StatusNotFound,
-					Message: fmt.Sprintf("Not found: %s", r.URL.Path),
+					Code:    http.StatusForbidden,
+					Message: fmt.Sprintf("You do not have permission to access this resource"),
 				})
 				if err != nil {
 					return
--- a/pkg/middleware/error-interceptor.go
+++ b/pkg/middleware/error-interceptor.go
@@ -57,11 +57,9 @@ func (intercept InterceptErrors) ErrorInterceptor(next http.Handler) http.Handle
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		rec := newResponseRecorder(w)
 		next.ServeHTTP(rec, r)
-		//Set Server name
-		w.Header().Set("Server", "Goma")
 		if canIntercept(rec.statusCode, intercept.Errors) {
-			logger.Debug("Backend error intercepted")
-			logger.Debug("An error occurred in the backend, %d", rec.statusCode)
+			logger.Error("Backend error")
+			logger.Error("An error occurred in the backend, %d", rec.statusCode)
 			w.Header().Set("Content-Type", "application/json")
 			w.WriteHeader(rec.statusCode)
 			err := json.NewEncoder(w).Encode(ProxyResponseError{
--- a/pkg/middleware/middleware.go
+++ b/pkg/middleware/middleware.go
@@ -104,10 +104,10 @@ func (jwtAuth JwtAuth) AuthMiddleware(next http.Handler) http.Handler {
 			if r.Header.Get(header) == "" {
 				logger.Error("Proxy error, missing %s header", header)
 				w.Header().Set("Content-Type", "application/json")
-				w.WriteHeader(http.StatusForbidden)
+				w.WriteHeader(http.StatusUnauthorized)
 				err := json.NewEncoder(w).Encode(ProxyResponseError{
-					Message: "Missing Authorization header",
-					Code:    http.StatusForbidden,
+					Message: http.StatusText(http.StatusUnauthorized),
+					Code:    http.StatusUnauthorized,
 					Success: false,
 				})
 				if err != nil {
--- a/pkg/middleware/rate-limiter.go
+++ b/pkg/middleware/rate-limiter.go
@@ -66,7 +66,7 @@ func (rl *RateLimiter) RateLimitMiddleware() mux.MiddlewareFunc {
 			rl.mu.Unlock()

 			if client.RequestCount > rl.Requests {
-				logger.Debug("Too many request from IP: %s %s %s", clientID, r.URL, r.UserAgent())
+				logger.Error("Too many request from IP: %s %s %s", clientID, r.URL, r.UserAgent())
 				w.Header().Set("Content-Type", "application/json")
 				w.WriteHeader(http.StatusTooManyRequests)
 				err := json.NewEncoder(w).Encode(ProxyResponseError{