fix(routes): fix cors headers for api keys and logout route
Signed-off-by: Petu Eusebiu <[email protected]>
eusebiu-constantin-petu-dbk committed Oct 30, 2023
1 parent f34af3c commit 85acfa0
Showing 1 changed file with 15 additions and 1 deletion.
16 changes: 15 additions & 1 deletion pkg/api/routes.go
Expand Up @@ -91,9 +91,11 @@ func (rh *RouteHandler) SetupRoutes() {
apiKeyRouter := rh.c.Router.PathPrefix(constants.APIKeyPath).Subrouter()
apiKeyRouter.Use(authHandler)
apiKeyRouter.Use(BaseAuthzHandler(rh.c))

// Always use CORSHeadersMiddleware before ACHeadersMiddleware
apiKeyRouter.Use(zcommon.CORSHeadersMiddleware(rh.c.Config.HTTP.AllowOrigin))
apiKeyRouter.Use(zcommon.ACHeadersMiddleware(rh.c.Config,
http.MethodGet, http.MethodPost, http.MethodDelete, http.MethodOptions))
apiKeyRouter.Use(zcommon.CORSHeadersMiddleware(rh.c.Config.HTTP.AllowOrigin))

apiKeyRouter.Methods(http.MethodPost, http.MethodOptions).HandlerFunc(rh.CreateAPIKey)
apiKeyRouter.Methods(http.MethodGet).HandlerFunc(rh.GetAPIKeys)
Expand Down Expand Up @@ -2037,6 +2039,10 @@ type APIKeyPayload struct { //nolint:revive
// @Failure 500 {string} string "internal server error"
// @Router /zot/auth/apikey [get].
func (rh *RouteHandler) GetAPIKeys(resp http.ResponseWriter, req *http.Request) {
if req.Method == http.MethodOptions {
return
}

Check warning on line 2044 in pkg/api/routes.go

Codecov / codecov/patch

pkg/api/routes.go#L2043-L2044

Added lines #L2043 - L2044 were not covered by tests

apiKeys, err := rh.c.MetaDB.GetUserAPIKeys(req.Context())
if err != nil {
rh.c.Log.Error().Err(err).Msg("error getting list of API keys for user")
Expand Down Expand Up @@ -2079,6 +2085,10 @@ func (rh *RouteHandler) GetAPIKeys(resp http.ResponseWriter, req *http.Request)
// @Failure 500 {string} string "internal server error"
// @Router /zot/auth/apikey [post].
func (rh *RouteHandler) CreateAPIKey(resp http.ResponseWriter, req *http.Request) {
if req.Method == http.MethodOptions {
return
}

Check warning on line 2090 in pkg/api/routes.go

Codecov / codecov/patch

pkg/api/routes.go#L2089-L2090

Added lines #L2089 - L2090 were not covered by tests

var payload APIKeyPayload

body, err := io.ReadAll(req.Body)
Expand Down Expand Up @@ -2181,6 +2191,10 @@ func (rh *RouteHandler) CreateAPIKey(resp http.ResponseWriter, req *http.Request
// @Failure 400 {string} string "bad request"
// @Router /zot/auth/apikey [delete].
func (rh *RouteHandler) RevokeAPIKey(resp http.ResponseWriter, req *http.Request) {
if req.Method == http.MethodOptions {
return
}

Check warning on line 2196 in pkg/api/routes.go

Codecov / codecov/patch

pkg/api/routes.go#L2195-L2196

Added lines #L2195 - L2196 were not covered by tests

ids, ok := req.URL.Query()["id"]
if !ok || len(ids) != 1 {
resp.WriteHeader(http.StatusBadRequest)
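Review bot: The `req.Method == http.MethodOptions` early return added to GetAPIKeys looks unreachable, because the registration in SetupRoutes sends OPTIONS only to CreateAPIKey (`Methods(http.MethodPost, http.MethodOptions)`) while GetAPIKeys is registered for GET alone; the same probably holds for RevokeAPIKey, whose registration is outside the visible hunk. Sharing the key-creating handler with the preflight also means the guard at its top is the only thing keeping an OPTIONS request away from the creation logic. A dedicated preflight route would make the three guards unnecessary: `apiKeyRouter.Methods(http.MethodOptions).HandlerFunc(func(http.ResponseWriter, *http.Request) {})`, with CreateAPIKey registered as `Methods(http.MethodPost)` only. Separately, `authHandler` and `BaseAuthzHandler` are still installed ahead of `CORSHeadersMiddleware`, so whether a credential-less preflight ever receives CORS headers depends on how authHandler treats OPTIONS, which is not visible here. All three handler bodies continue outside their hunks.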