instance config also needs to be a map

kurtosis-tech · Dec 1, 2023 · ab18f0c · ab18f0c
1 parent e0bb1f1
commit ab18f0c
Showing 1 changed file with 10 additions and 5 deletions.
diff --git a/enclave-manager/server/server.go b/enclave-manager/server/server.go
@@ -44,6 +44,7 @@ type WebServer struct {
 	engineServiceClient *kurtosis_engine_rpc_api_bindingsconnect.EngineServiceClient
 	enforceAuth         bool
 	instanceConfig      *kurtosis_backend_server_rpc_api_bindings.GetCloudInstanceConfigResponse
+	instanceConfigMap   map[string]*kurtosis_backend_server_rpc_api_bindings.GetCloudInstanceConfigResponse
 	apiKeyMap           map[string]*string
 }
 
@@ -58,6 +59,7 @@ func NewWebserver(enforceAuth bool) (*WebServer, error) {
 		instanceConfigMutex: &sync.RWMutex{},
 		apiKeyMutex:         &sync.RWMutex{},
 		apiKeyMap:           map[string]*string{},
+		instanceConfigMap:   map[string]*kurtosis_backend_server_rpc_api_bindings.GetCloudInstanceConfigResponse{},
 	}, nil
 }
 
@@ -93,7 +95,7 @@ func (c *WebServer) ValidateRequestAuthorization(
 		return false, stacktrace.NewError("An internal error has occurred. An empty API key was found")
 	}
 
-	instanceConfig, err := c.GetCloudInstanceConfig(ctx, auth.ApiKey)
+	instanceConfig, err := c.GetCloudInstanceConfig(ctx, reqToken, auth.ApiKey)
 	if err != nil {
 		return false, stacktrace.Propagate(err, "Failed to retrieve the instance config")
 	}
@@ -104,7 +106,9 @@ func (c *WebServer) ValidateRequestAuthorization(
 	}
 	reqHost = splitHost[0]
 	if instanceConfig.LaunchResult.PublicDns != reqHost {
-		return false, stacktrace.NewError("Instance config public dns '%s' does not match the request host '%s'", instanceConfig.LaunchResult.PublicDns, reqHost)
+		delete(c.apiKeyMap, reqToken)
+		delete(c.instanceConfigMap, reqToken)
+		return false, stacktrace.NewError("either the requested instance does not exist or the user is not authorized to access the resource")
 	}
 
 	return true, nil
@@ -414,11 +418,12 @@ func (c *WebServer) createKurtosisCloudBackendClient(
 
 func (c *WebServer) GetCloudInstanceConfig(
 	ctx context.Context,
+	jwtToken string,
 	apiKey string,
 ) (*kurtosis_backend_server_rpc_api_bindings.GetCloudInstanceConfigResponse, error) {
 	// Check if we have already fetched the instance config, if so return the cache
-	if c.instanceConfig != nil {
-		return c.instanceConfig, nil
+	if c.instanceConfigMap[jwtToken] != nil {
+		return c.instanceConfigMap[jwtToken], nil
 	}
 
 	// We have not yet fetched the instance configuration, so we write lock, make the external call and cache the result
@@ -453,7 +458,7 @@ func (c *WebServer) GetCloudInstanceConfig(
 		return nil, stacktrace.Propagate(err, "Failed to get the instance config")
 	}
 
-	c.instanceConfig = getInstanceConfigResponse.Msg
+	c.instanceConfigMap[jwtToken] = getInstanceConfigResponse.Msg
 
 	return getInstanceConfigResponse.Msg, nil
 }