
Commit 4f57f86

authored
Merge pull request #12 from devtron-labs/authorizer-check-for-webhook
feat: Api token handling from header
2 parents 461b5cb + d03fdc1 commit 4f57f86


1 file changed

+20
-11
lines changed

1 file changed

+20
-11
lines changed

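--- a/middleware/AuthMiddleware.go
+++ b/middleware/AuthMiddleware.go
@@ -25,21 +25,28 @@ import (
 "strings"
 )
 
+const ApiTokenHeaderKey = "api-token"
+const tokenHeaderKey = "token"
+const argocdTokenHeaderKey = "argocd.token"
+
 // Authorizer is a middleware for authorization
 func Authorizer(sessionManager *SessionManager, whitelistChecker func(url string) bool) func(next http.Handler) http.Handler {
 return func(next http.Handler) http.Handler {
 fn := func(w http.ResponseWriter, r *http.Request) {
-cookie, _ := r.Cookie("argocd.token")
 token := ""
-if cookie != nil {
-token = cookie.Value
-r.Header.Set("token", token)
-}
-if token == "" && cookie == nil {
-token = r.Header.Get("token")
-//if cookie == nil && len(token) != 0 {
-// http.SetCookie(w, &http.Cookie{Name: "argocd.token", Value: token, Path: "/"})
-//}
+apiToken := r.Header.Get(ApiTokenHeaderKey)
+if len(apiToken) > 0 {
+// for external ci webhook request, will be authorize by api-token
+token = apiToken
+} else {
+cookie, _ := r.Cookie(argocdTokenHeaderKey)
+if cookie != nil {
+token = cookie.Value
+r.Header.Set(tokenHeaderKey, token)
+}
+if token == "" && cookie == nil {
+token = r.Header.Get(tokenHeaderKey)
+}
 }
 //users = append(users, "anonymous")
 authEnabled := true
@@ -51,7 +58,9 @@ func Authorizer(sessionManager *SessionManager, whitelistChecker func(url string
 _, err := sessionManager.VerifyToken(token)
 if err != nil {
 log.Printf("Error verifying token: %+v\n", err)
-http.SetCookie(w, &http.Cookie{Name: "argocd.token", Value: token, Path: "/", MaxAge: -1})
+if len(apiToken) == 0 {
+http.SetCookie(w, &http.Cookie{Name: argocdTokenHeaderKey, Value: token, Path: "/", MaxAge: -1})
+}
 writeResponse(http.StatusUnauthorized, "Unauthorized", w, err)
 return
 }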
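Review bot: In the new `if len(apiToken) > 0` branch the request's `token` header is left exactly as the client sent it, whereas the cookie branch overwrites it with the value that is about to be verified. If any handler behind this middleware reads `token` from the header (not visible here), it could act on a value that `VerifyToken` never checked, because only `apiToken` was verified. Normalising in that branch, e.g. `r.Header.Set(tokenHeaderKey, token)` right after `token = apiToken`, keeps the verified credential and the forwarded one identical. The inline comment says this path is for external CI webhook requests, but the header is honoured on every route, so a doc comment on `ApiTokenHeaderKey` such as `// ApiTokenHeaderKey, when present, takes precedence over the session cookie and the token header on all routes.` would make that explicit. The body of `Authorizer` continues outside both hunks.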
