github_mirrors/go-zero
1
0
Fork 0
mirror of https://github.com/zeromicro/go-zero.git synced 2025-02-02 16:28:39 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix panic on auth

Browse Source
This commit is contained in:
kevin 2020-07-30 16:22:18 +08:00
parent e56ebf1f72
commit 53973bc0f7
2 changed files with 30 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
ngin/handler/authhandler.go
View File

@ -2,6 +2,7 @@ package handler
import (
"context"
"errors"
"net/http"
"net/http/httputil"
@ -12,13 +13,19 @@ import (
)
const (
jwtAudience = "aud"
jwtExpire = "exp"
jwtId = "jti"
jwtIssueAt = "iat"
jwtIssuer = "iss"
jwtNotBefore = "nbf"
jwtSubject = "sub"
jwtAudience = "aud"
jwtExpire = "exp"
jwtId = "jti"
jwtIssueAt = "iat"
jwtIssuer = "iss"
jwtNotBefore = "nbf"
jwtSubject = "sub"
noDetailReason = "no detail reason"
)
var (
errInvalidToken = errors.New("invalid auth token")
errNoClaims = errors.New("no auth params")
)
type (
@ -47,13 +54,13 @@ func Authorize(secret string, opts ...AuthorizeOption) func(http.Handler) http.H
}
if !token.Valid {
unauthorized(w, r, err, authOpts.Callback)
unauthorized(w, r, errInvalidToken, authOpts.Callback)
return
}
claims, ok := token.Claims.(jwt.MapClaims)
if !ok {
unauthorized(w, r, err, authOpts.Callback)
unauthorized(w, r, errNoClaims, authOpts.Callback)
return
}
@ -93,10 +100,15 @@ func detailAuthLog(r *http.Request, reason string) {
func unauthorized(w http.ResponseWriter, r *http.Request, err error, callback UnauthorizedCallback) {
writer := newGuardedResponseWriter(w)
detailAuthLog(r, err.Error())
if err != nil {
detailAuthLog(r, err.Error())
} else {
detailAuthLog(r, noDetailReason)
}
if callback != nil {
callback(writer, r, err)
}
writer.WriteHeader(http.StatusUnauthorized)
}

8
ngin/handler/authhandler_test.go
View File

@ -75,6 +75,14 @@ func TestAuthHandlerWithPrevSecret(t *testing.T) {
assert.Equal(t, "content", resp.Body.String())
}
func TestAuthHandler_NilError(t *testing.T) {
req := httptest.NewRequest(http.MethodGet, "http://localhost", nil)
resp := httptest.NewRecorder()
assert.NotPanics(t, func() {
unauthorized(resp, req, nil, nil)
})
}
func buildToken(secretKey string, payloads map[string]interface{}, seconds int64) (string, error) {
now := time.Now().Unix()
claims := make(jwt.MapClaims)