Auth Improvements (micro#1195)

* Exclude Stats & Trace from Auth * Update Excluded Endpoints Format * Tweak Implementation
daheige · Feb 13, 2020 · e080ecb · e080ecb
1 parent ea70711
commit e080ecb
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 11 deletions.
diff --git a/config/cmd/cmd.go b/config/cmd/cmd.go
@@ -257,7 +257,7 @@ var (
 		&cli.StringSliceFlag{
 			Name:    "auth_exclude",
 			EnvVars: []string{"MICRO_AUTH_EXCLUDE"},
-			Usage:   "Comma-separated list of endpoints excluded from authentication",
+			Usage:   "Comma-separated list of endpoints excluded from authentication, e.g. Users.ListUsers",
 		},
 	}
 

diff --git a/util/wrapper/wrapper.go b/util/wrapper/wrapper.go
@@ -145,18 +145,14 @@ func AuthHandler(fn func() auth.Auth) server.HandlerWrapper {
 			// get the auth.Auth interface
 			a := fn()
 
-			// Extract endpoint and remove service name prefix
-			// (e.g. Platform.ListServices => ListServices)
-			var endpoint string
-			if ec := strings.Split(req.Endpoint(), "."); len(ec) == 2 {
-				endpoint = ec[1]
+			// Check for debug endpoints which should be excluded from auth
+			if strings.HasPrefix(req.Endpoint(), "Debug.") {
+				return h(ctx, req, rsp)
 			}
 
-			// Check for endpoints excluded from auth. If the endpoint
-			// matches, execute the handler and return
-			excludes := append(a.Options().Excludes, "Stats", "Trace")
-			for _, e := range excludes {
-				if e == endpoint {
+			// Exclude any user excluded endpoints
+			for _, e := range a.Options().Excludes {
+				if e == req.Endpoint() {
 					return h(ctx, req, rsp)
 				}
 			}