archive/link-go
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Fix link resource endpoint being insecured

Browse source
This commit is contained in:
Andrey Chervyakov 2021-03-15 23:42:08 +06:00
parent ac066be702
commit 9ae733e618
1 changed files with 4 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

5
server.go
View file

@ -10,6 +10,7 @@ import (
"github.com/labstack/echo/v4/middleware" "github.com/labstack/echo/v4/middleware"
"github.com/rs/zerolog/log" "github.com/rs/zerolog/log"
"net/http" "net/http"
"regexp"
) )
func NewServer(conf *koanf.Koanf, pool *pgxpool.Pool) *echo.Echo { func NewServer(conf *koanf.Koanf, pool *pgxpool.Pool) *echo.Echo {
@ -30,7 +31,9 @@ func addMiddleware(s *echo.Echo, conf *koanf.Koanf) {
s.Use(middleware.JWTWithConfig(middleware.JWTConfig{ s.Use(middleware.JWTWithConfig(middleware.JWTConfig{
Skipper: func(ctx echo.Context) bool { Skipper: func(ctx echo.Context) bool {
return ctx.Request().Method == "GET" && ctx.Request().URL.Path != "/links" matchesLinks, _ := regexp.MatchString("^/links", ctx.Request().URL.Path)
return ctx.Request().Method == "GET" && !matchesLinks
}, },
SigningMethod: conf.String("jwt.method"), SigningMethod: conf.String("jwt.method"),
SigningKey: conf.Bytes("jwt.key"), SigningKey: conf.Bytes("jwt.key"),