Skip to content

C
canifa_note
Unverified Commit 7c3fcc29 authored by Faizaan pochi's avatar Faizaan pochi Committed by GitHub
Browse files
Options

fix: allow public memo API access without authentication (#5451)

parent 14fb38f3
Hide whitespace changes
Inline Side-by-side
Showing with 3 additions and 2 deletions
server/router/api/v1/v1.go
View file @ 7c3fcc29
...@@ -59,7 +59,7 @@ func (s *APIV1Service) RegisterGateway(ctx context.Context, echoServer *echo.Ech ...@@ -59,7 +59,7 @@ func (s *APIV1Service) RegisterGateway(ctx context.Context, echoServer *echo.Ech
ctx := r.Context() ctx := r.Context()
// Get the RPC method name from context (set by grpc-gateway after routing) // Get the RPC method name from context (set by grpc-gateway after routing)
rpcMethod, _ := runtime.RPCMethod(ctx) rpcMethod, ok := runtime.RPCMethod(ctx)
// Extract credentials from HTTP headers // Extract credentials from HTTP headers
authHeader := r.Header.Get("Authorization") authHeader := r.Header.Get("Authorization")
...@@ -67,7 +67,8 @@ func (s *APIV1Service) RegisterGateway(ctx context.Context, echoServer *echo.Ech ...@@ -67,7 +67,8 @@ func (s *APIV1Service) RegisterGateway(ctx context.Context, echoServer *echo.Ech
result := authenticator.Authenticate(ctx, authHeader) result := authenticator.Authenticate(ctx, authHeader)
// Enforce authentication for non-public methods // Enforce authentication for non-public methods
if result == nil && !IsPublicMethod(rpcMethod) { // If rpcMethod cannot be determined, allow through, service layer will handle visibility checks
if result == nil && ok && !IsPublicMethod(rpcMethod) {
http.Error(w, `{"code": 16, "message": "authentication required"}`, http.StatusUnauthorized) http.Error(w, `{"code": 16, "message": "authentication required"}`, http.StatusUnauthorized)
return return
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment