8000 fix(api): do not load user infos, just check the session (#3442) · ovh/cds@a33db19 · GitHub

Commit a33db19

bnjjjrichardlt
authored andcommitted
fix(api): do not load user infos, just check the session (#3442)
Signed-off-by: Benjamin Coenen <benjamin.coenen@corp.ovh.com>
1 parent 13a2388 commit a33db19


4 files changed

+16
-12
lines changed


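--- a/engine/api/api_routes.go
+++ b/engine/api/api_routes.go
@@ -377,7 +377,7 @@ func (api *API) InitRouter() {
 
 // Users
 r.Handle("/user", r.GET(api.getUsersHandler))
-r.Handle("/user/me", r.GET(api.getUserMeHandler))
+r.Handle("/user/logged", r.GET(api.getUserLoggedHandler, Auth(false)))
 r.Handle("/user/favorite", r.POST(api.postUserFavoriteHandler))
 r.Handle("/user/timeline", r.GET(api.getTimelineHandler))
 r.Handle("/user/timeline/filter", r.GET(api.getTimelineFilterHandler), r.POST(api.postTimelineFilterHandler))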
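Review bot: The new `/user/logged` route is registered with `Auth(false)`, which presumably switches off the router's own authentication for it, so the session-token check inside `getUserLoggedHandler` (engine/api/user.go) becomes the only gate on this endpoint and nothing on the route line says so. A short comment above the registration would keep a later edit from dropping the handler-side check or copying the option to a route that has no such check, for example `// Auth(false): the handler validates the session token itself, without loading the user`. The commit also removes `/user/me` outright; of the callers visible here only the UI ping URL is updated, so any other client still using the old path would need the same change. InitRouter's body starts and ends outside the hunk.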

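--- a/engine/api/user.go
+++ b/engine/api/user.go
@@ -3,7 +3,6 @@ package api
 import (
 "context"
 "database/sql"
-"fmt"
 "net/http"
 "time"
 
@@ -159,16 +158,21 @@ func (api *API) getUsersHandler() service.Handler {
 }
 }
 
-// getUserMeHandler fetches current user data
-func (api *API) getUserMeHandler() service.Handler {
+// getUserLoggedHandler check if the current user is connected
+func (api *API) getUserLoggedHandler() service.Handler {
 return func(ctx context.Context, w http.ResponseWriter, r *http.Request) error {
-u := getUser(ctx)
-if u == nil {
-return fmt.Errorf("getUserMeHandler> user is nil")
+h := r.Header.Get(sdk.SessionTokenHeader)
+if h == "" {
+return sdk.ErrUnauthorized
+}
+
+store := api.Router.AuthDriver.Store()
+key := sessionstore.SessionKey(h)
+if ok, _ := store.Exists(key); !ok {
+return sdk.ErrUnauthorized
 }
-u.Groups = nil
-u.Permissions = sdk.UserPermissions{}
-return service.WriteJSON(w, *u, http.StatusOK)
+
+return service.WriteJSON(w, nil, http.StatusOK)
 }
 }
 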
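Review bot: In `getUserLoggedHandler`, `if ok, _ := store.Exists(key); !ok` throws away the error from the session store, so a backend failure is indistinguishable from a missing session and is reported to the caller as `sdk.ErrUnauthorized`. That fails closed, which is the safe direction, but an outage of the store would look like every user being logged out and would leave no trace of the real cause. Assuming `Exists` returns `(bool, error)` as the call shape suggests, split the check: `ok, err := store.Exists(key)`, `if err != nil { return err }`, `if !ok { return sdk.ErrUnauthorized }`. The doc comment would also be more accurate as `// getUserLoggedHandler checks whether the request carries a session token known to the session store`.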

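--- a/engine/service/http.go
+++ b/engine/service/http.go
@@ -106,7 +106,7 @@ func WriteError(w http.ResponseWriter, r *http.Request, err error) {
 // ErrAlreadyTaken and ErrWorkerModelAlreadyBooked are not useful to log in warning
 if sdk.ErrorIs(httpErr, sdk.ErrAlreadyTaken) ||
 sdk.ErrorIs(httpErr, sdk.ErrWorkerModelAlreadyBooked) ||
-sdk.ErrorIs(httpErr, sdk.ErrJobAlreadyBooked) || r.URL.Path == "/user/me" {
+sdk.ErrorIs(httpErr, sdk.ErrJobAlreadyBooked) || r.URL.Path == "/user/logged" {
 entry.Debugf("%s", err)
 } else {
 entry.Warningf("%s", err)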
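Review bot: The `r.URL.Path == "/user/logged"` clause sends every error returned on that path to debug level, not only the expected unauthorized result of the UI ping. Since the handler for this path now validates the session token itself, any other failure there would be hidden from warning-level logs. Narrowing the clause keeps the ping noise out while leaving unexpected errors visible: `(r.URL.Path == "/user/logged" && sdk.ErrorIs(httpErr, sdk.ErrUnauthorized))`. The path literal is also duplicated from the route table, so a shared constant would keep the two from drifting. WriteError starts and ends outside the hunk.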

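--- a/ui/src/app/app.component.ts
+++ b/ui/src/app/app.component.ts
@@ -157,7 +157,7 @@ export class AppComponent implements OnInit {
 urlSubscribe: environment.apiURL + '/events/subscribe',
 urlUnsubscribe: environment.apiURL + 'events/unsubscribe',
 sseURL: environment.apiURL + '/events',
-pingURL: environment.apiURL + '/user/me'
+pingURL: environment.apiURL + '/user/logged'
 });
 this.sseWorker.response().subscribe(e => {
 if (e == null) {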
