mirror of
https://github.com/fleetdm/fleet
synced 2026-04-21 13:37:30 +00:00
2b35eabd5d
Fixes #42885 Added new middleware (APIOnlyEndpointCheck) that enforces 403 for API-only users whose request either isn't in the API endpoint catalog or falls outside their configured per-user endpoint restrictions.
42 lines
1.3 KiB
Go
42 lines
1.3 KiB
Go
package endpointer
|
|
|
|
import (
|
|
"context"
|
|
"net/http"
|
|
|
|
"github.com/gorilla/mux"
|
|
)
|
|
|
|
// contextKeyRouteTemplate is the context key type for the mux route template.
|
|
type contextKeyRouteTemplate struct{}
|
|
|
|
var routeTemplateKey = contextKeyRouteTemplate{}
|
|
|
|
// RouteTemplateRequestFunc captures the gorilla/mux route template for the
|
|
// matched request and stores it in the context.
|
|
func RouteTemplateRequestFunc(ctx context.Context, r *http.Request) context.Context {
|
|
route := mux.CurrentRoute(r)
|
|
if route == nil {
|
|
return ctx
|
|
}
|
|
tpl, err := route.GetPathTemplate()
|
|
if err != nil {
|
|
// Only happens when a route has no path, which Fleet never registers.
|
|
return ctx
|
|
}
|
|
return context.WithValue(ctx, routeTemplateKey, tpl)
|
|
}
|
|
|
|
// RouteTemplateFromContext returns the mux route template stored by
|
|
// RouteTemplateRequestFunc. Returns "" and false if no template is in context.
|
|
func RouteTemplateFromContext(ctx context.Context) (string, bool) {
|
|
tpl, ok := ctx.Value(routeTemplateKey).(string)
|
|
return tpl, ok
|
|
}
|
|
|
|
// WithRouteTemplate returns a new context with the given route template value.
|
|
// Intended for tests that need to simulate what RouteTemplateRequestFunc would
|
|
// have stored without running a real mux router.
|
|
func WithRouteTemplate(ctx context.Context, tpl string) context.Context {
|
|
return context.WithValue(ctx, routeTemplateKey, tpl)
|
|
}
|