mirror of
https://github.com/juanfont/headscale.git
synced 2025-11-10 01:20:58 +01:00
fix: guard every error statement with early return (#2810)
This commit is contained in:
Elyas Asmad
GitHub
parent
8becb7e54a
commit
2c9e98d3f5
@ -380,53 +380,45 @@ func (h *Headscale) httpAuthenticationMiddleware(next http.Handler) http.Handler
|
|||||||
writer http.ResponseWriter,
|
writer http.ResponseWriter,
|
||||||
req *http.Request,
|
req *http.Request,
|
||||||
) {
|
) {
|
||||||
if err := func() error {
|
log.Trace().
|
||||||
log.Trace().
|
Caller().
|
||||||
|
Str("client_address", req.RemoteAddr).
|
||||||
|
Msg("HTTP authentication invoked")
|
||||||
|
|
||||||
|
authHeader := req.Header.Get("Authorization")
|
||||||
|
|
||||||
|
writeUnauthorized := func(statusCode int) {
|
||||||
|
writer.WriteHeader(statusCode)
|
||||||
|
if _, err := writer.Write([]byte("Unauthorized")); err != nil {
|
||||||
|
log.Error().Err(err).Msg("writing HTTP response failed")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if !strings.HasPrefix(authHeader, AuthPrefix) {
|
||||||
|
log.Error().
|
||||||
Caller().
|
Caller().
|
||||||
Str("client_address", req.RemoteAddr).
|
Str("client_address", req.RemoteAddr).
|
||||||
Msg("HTTP authentication invoked")
|
Msg(`missing "Bearer " prefix in "Authorization" header`)
|
||||||
|
writeUnauthorized(http.StatusUnauthorized)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
authHeader := req.Header.Get("Authorization")
|
valid, err := h.state.ValidateAPIKey(strings.TrimPrefix(authHeader, AuthPrefix))
|
||||||
|
if err != nil {
|
||||||
if !strings.HasPrefix(authHeader, AuthPrefix) {
|
|
||||||
log.Error().
|
|
||||||
Caller().
|
|
||||||
Str("client_address", req.RemoteAddr).
|
|
||||||
Msg(`missing "Bearer " prefix in "Authorization" header`)
|
|
||||||
writer.WriteHeader(http.StatusUnauthorized)
|
|
||||||
_, err := writer.Write([]byte("Unauthorized"))
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
valid, err := h.state.ValidateAPIKey(strings.TrimPrefix(authHeader, AuthPrefix))
|
|
||||||
if err != nil {
|
|
||||||
log.Error().
|
|
||||||
Caller().
|
|
||||||
Err(err).
|
|
||||||
Str("client_address", req.RemoteAddr).
|
|
||||||
Msg("failed to validate token")
|
|
||||||
|
|
||||||
writer.WriteHeader(http.StatusInternalServerError)
|
|
||||||
_, err := writer.Write([]byte("Unauthorized"))
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
if !valid {
|
|
||||||
log.Info().
|
|
||||||
Str("client_address", req.RemoteAddr).
|
|
||||||
Msg("invalid token")
|
|
||||||
|
|
||||||
writer.WriteHeader(http.StatusUnauthorized)
|
|
||||||
_, err := writer.Write([]byte("Unauthorized"))
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
return nil
|
|
||||||
}(); err != nil {
|
|
||||||
log.Error().
|
log.Error().
|
||||||
Caller().
|
Caller().
|
||||||
Err(err).
|
Err(err).
|
||||||
Msg("Failed to write HTTP response")
|
Str("client_address", req.RemoteAddr).
|
||||||
|
Msg("failed to validate token")
|
||||||
|
writeUnauthorized(http.StatusInternalServerError)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
if !valid {
|
||||||
|
log.Info().
|
||||||
|
Str("client_address", req.RemoteAddr).
|
||||||
|
Msg("invalid token")
|
||||||
|
writeUnauthorized(http.StatusUnauthorized)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user