Mirrors/unleash.unleash
1
0
Fork 0
mirror of https://github.com/Unleash/unleash.git synced 2025-05-12 01:17:04 +02:00
Code Issues Projects Releases Wiki Activity

Added a check that allows posting edge bulk metrics with a client token (#5735)

Browse Source 
This allows bulk metrics posted with a Client token to be accepted.
Previously you needed an admin token to have bulk metrics accepted
This commit is contained in:
Christopher Kolstad 2024-01-02 09:51:01 +01:00 committed by GitHub
parent e4c9a257ad
commit 3a7824a2e8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 38 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
src/lib/middleware/api-token-middleware.test.ts
View File

@ -243,3 +243,34 @@ test('should call next if apiTokenService throws x2', async () => {
expect(cb).toHaveBeenCalled(); expect(cb).toHaveBeenCalled();
}); });
test('should add user if client token and /edge/metrics', async () => {
const apiUser = new ApiUser({
tokenName: 'default',
permissions: [CLIENT],
project: ALL,
environment: ALL,
type: ApiTokenType.CLIENT,
secret: 'a',
});
const apiTokenService = {
getUserForToken: jest.fn().mockReturnValue(apiUser),
} as unknown as ApiTokenService;
const func = apiTokenMiddleware(config, { apiTokenService });
const cb = jest.fn();
const req = {
header: jest.fn().mockReturnValue('some-known-token'),
user: undefined,
path: '/edge/metrics',
method: 'POST',
};
await func(req, undefined, cb);
expect(cb).toHaveBeenCalled();
expect(req.header).toHaveBeenCalled();
expect(req.user).toBe(apiUser);
});

8
src/lib/middleware/api-token-middleware.ts
View File

@ -7,6 +7,10 @@ const isClientApi = ({ path }) => {
return path && path.indexOf('/api/client') > -1; return path && path.indexOf('/api/client') > -1;
}; };
const isEdgeMetricsApi = ({ path }) => {
return path && path.indexOf('/edge/metrics') > -1;
};
const isProxyApi = ({ path }) => { const isProxyApi = ({ path }) => {
if (!path) { if (!path) {
return; return;
@ -57,7 +61,9 @@ const apiAccessMiddleware = (
if (apiUser) { if (apiUser) {
if ( if (
(apiUser.type === CLIENT && !isClientApi(req)) || (apiUser.type === CLIENT &&
!isClientApi(req) &&
!isEdgeMetricsApi(req)) ||
(apiUser.type === FRONTEND && !isProxyApi(req)) || (apiUser.type === FRONTEND && !isProxyApi(req)) ||
(apiUser.type === FRONTEND && (apiUser.type === FRONTEND &&
!flagResolver.isEnabled('embedProxy')) !flagResolver.isEnabled('embedProxy'))