Refactor and improve error handling for JWT authentication

This commit is contained in:
Jan Eitzinger 2024-03-22 09:02:10 +01:00
parent 61892666a7
commit 626b533cf2

38
api.go
View File

@ -24,9 +24,9 @@ import (
type ApiMetricData struct { type ApiMetricData struct {
Error *string `json:"error,omitempty"` Error *string `json:"error,omitempty"`
Data FloatArray `json:"data,omitempty"`
From int64 `json:"from"` From int64 `json:"from"`
To int64 `json:"to"` To int64 `json:"to"`
Data FloatArray `json:"data,omitempty"`
Avg Float `json:"avg"` Avg Float `json:"avg"`
Min Float `json:"min"` Min Float `json:"min"`
Max Float `json:"max"` Max Float `json:"max"`
@ -134,7 +134,7 @@ func handleFree(rw http.ResponseWriter, r *http.Request) {
} }
rw.WriteHeader(http.StatusOK) rw.WriteHeader(http.StatusOK)
rw.Write([]byte(fmt.Sprintf("buffers freed: %d\n", n))) fmt.Fprintf(rw, "buffers freed: %d\n", n)
} }
func handleWrite(rw http.ResponseWriter, r *http.Request) { func handleWrite(rw http.ResponseWriter, r *http.Request) {
@ -179,13 +179,13 @@ func handleWrite(rw http.ResponseWriter, r *http.Request) {
type ApiQueryRequest struct { type ApiQueryRequest struct {
Cluster string `json:"cluster"` Cluster string `json:"cluster"`
Queries []ApiQuery `json:"queries"`
ForAllNodes []string `json:"for-all-nodes"`
From int64 `json:"from"` From int64 `json:"from"`
To int64 `json:"to"` To int64 `json:"to"`
WithStats bool `json:"with-stats"` WithStats bool `json:"with-stats"`
WithData bool `json:"with-data"` WithData bool `json:"with-data"`
WithPadding bool `json:"with-padding"` WithPadding bool `json:"with-padding"`
Queries []ApiQuery `json:"queries"`
ForAllNodes []string `json:"for-all-nodes"`
} }
type ApiQueryResponse struct { type ApiQueryResponse struct {
@ -194,20 +194,20 @@ type ApiQueryResponse struct {
} }
type ApiQuery struct { type ApiQuery struct {
Type *string `json:"type,omitempty"`
SubType *string `json:"subtype,omitempty"`
Metric string `json:"metric"` Metric string `json:"metric"`
Hostname string `json:"host"` Hostname string `json:"host"`
Aggregate bool `json:"aggreg"`
ScaleFactor Float `json:"scale-by,omitempty"`
Type *string `json:"type,omitempty"`
TypeIds []string `json:"type-ids,omitempty"` TypeIds []string `json:"type-ids,omitempty"`
SubType *string `json:"subtype,omitempty"`
SubTypeIds []string `json:"subtype-ids,omitempty"` SubTypeIds []string `json:"subtype-ids,omitempty"`
ScaleFactor Float `json:"scale-by,omitempty"`
Aggregate bool `json:"aggreg"`
} }
func handleQuery(rw http.ResponseWriter, r *http.Request) { func handleQuery(rw http.ResponseWriter, r *http.Request) {
var err error var err error
var req ApiQueryRequest = ApiQueryRequest{WithStats: true, WithData: true, WithPadding: true} req := ApiQueryRequest{WithStats: true, WithData: true, WithPadding: true}
if err := json.NewDecoder(r.Body).Decode(&req); err != nil { if err = json.NewDecoder(r.Body).Decode(&req); err != nil {
http.Error(rw, err.Error(), http.StatusBadRequest) http.Error(rw, err.Error(), http.StatusBadRequest)
return return
} }
@ -351,15 +351,25 @@ func authentication(next http.Handler, publicKey ed25519.PublicKey) http.Handler
return publicKey, nil return publicKey, nil
}) })
switch {
case token.Valid:
cacheLock.Lock()
cache[rawtoken] = token
cacheLock.Unlock()
case errors.Is(err, jwt.ErrTokenMalformed):
log.Print("That is not a token")
case errors.Is(err, jwt.ErrTokenSignatureInvalid):
log.Print("Invalid signature")
case errors.Is(err, jwt.ErrTokenExpired) || errors.Is(err, jwt.ErrTokenNotValidYet):
log.Print("Token is either expired or not active yet")
default:
log.Print("Couldn't handle this token:", err)
}
if err != nil { if err != nil {
http.Error(rw, err.Error(), http.StatusUnauthorized) http.Error(rw, err.Error(), http.StatusUnauthorized)
return return
} }
cacheLock.Lock()
cache[rawtoken] = token
cacheLock.Unlock()
// Let request through... // Let request through...
next.ServeHTTP(rw, r) next.ServeHTTP(rw, r)
}) })