core/go-proxy
8
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

refactor(proxy): unify monitoring auth checks

Browse source 
Co-Authored-By: Virgil <virgil@lethean.io>
This commit is contained in:
Virgil 2026-04-05 03:44:35 +00:00
parent 8cf01f2618
commit 711c4259f7
2 changed files with 11 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
http_auth_test.go
View file

@ -18,7 +18,7 @@ func TestProxy_allowHTTP_Good(t *testing.T) {
},
}
status, ok := p.allowMonitoringRequest(&http.Request{
status, ok := p.AllowMonitoringRequest(&http.Request{
Method: http.MethodGet,
Header: http.Header{
"Authorization": []string{"Bearer secret"},
@ -41,7 +41,7 @@ func TestProxy_allowHTTP_Bad(t *testing.T) {
},
}
status, ok := p.allowMonitoringRequest(&http.Request{Method: http.MethodPost})
status, ok := p.AllowMonitoringRequest(&http.Request{Method: http.MethodPost})
if ok {
t.Fatal("expected non-GET request to be rejected")
}
@ -57,7 +57,7 @@ func TestProxy_allowHTTP_Unrestricted_Good(t *testing.T) {
},
}
status, ok := p.allowMonitoringRequest(&http.Request{Method: http.MethodGet})
status, ok := p.AllowMonitoringRequest(&http.Request{Method: http.MethodGet})
if !ok {
t.Fatalf("expected unrestricted request to pass, got status %d", status)
}
@ -73,7 +73,7 @@ func TestProxy_allowHTTP_Unrestricted_Bad(t *testing.T) {
},
}
status, ok := p.allowMonitoringRequest(&http.Request{Method: http.MethodPost})
status, ok := p.AllowMonitoringRequest(&http.Request{Method: http.MethodPost})
if !ok {
t.Fatalf("expected unrestricted non-GET request to pass, got status %d", status)
}
@ -91,7 +91,7 @@ func TestProxy_allowHTTP_Ugly(t *testing.T) {
},
}
status, ok := p.allowMonitoringRequest(&http.Request{
status, ok := p.AllowMonitoringRequest(&http.Request{
Method: http.MethodGet,
Header: http.Header{
"Authorization": []string{"Bearer wrong"},
@ -108,7 +108,7 @@ func TestProxy_allowHTTP_Ugly(t *testing.T) {
func TestProxy_allowHTTP_NilConfig_Ugly(t *testing.T) {
p := &Proxy{}
status, ok := p.allowMonitoringRequest(&http.Request{Method: http.MethodGet})
status, ok := p.AllowMonitoringRequest(&http.Request{Method: http.MethodGet})
if ok {
t.Fatal("expected nil config request to be rejected")
}

14
state_impl.go
View file

@ -665,7 +665,7 @@ func (p *Proxy) registerMonitoringRoute(mux *http.ServeMux, pattern string, rend
return
}
mux.HandleFunc(pattern, func(w http.ResponseWriter, r *http.Request) {
if status, ok := p.allowMonitoringRequest(r); !ok {
if status, ok := p.AllowMonitoringRequest(r); !ok {
switch status {
case http.StatusUnauthorized:
w.Header().Set("WWW-Authenticate", "Bearer")
@ -679,7 +679,10 @@ func (p *Proxy) registerMonitoringRoute(mux *http.ServeMux, pattern string, rend
})
}
func (p *Proxy) allowMonitoringRequest(r *http.Request) (int, bool) {
// AllowMonitoringRequest applies the configured monitoring API access checks.
//
// status, ok := p.AllowMonitoringRequest(request)
func (p *Proxy) AllowMonitoringRequest(r *http.Request) (int, bool) {
if p == nil || p.config == nil {
return http.StatusServiceUnavailable, false
}
@ -695,13 +698,6 @@ func (p *Proxy) allowMonitoringRequest(r *http.Request) (int, bool) {
return http.StatusOK, true
}
// AllowMonitoringRequest applies the configured monitoring API access checks.
//
// status, ok := p.AllowMonitoringRequest(request)
func (p *Proxy) AllowMonitoringRequest(r *http.Request) (int, bool) {
return p.allowMonitoringRequest(r)
}
func (p *Proxy) writeJSONResponse(w http.ResponseWriter, payload any) {
w.Header().Set("Content-Type", "application/json")
_ = json.NewEncoder(w).Encode(payload)