llvy.ltd/casdoor
1
0
Fork 0
mirror of https://github.com/casdoor/casdoor.git synced 2025-09-09 03:22:56 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat: handle error in ApiFilter

Browse Source
This commit is contained in:
Yang Luo
2024-08-23 21:50:48 +08:00
parent 7d3920fb1f
commit 986dcbbda1
2 changed files with 25 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
routers/authz_filter.go
View File

@@ -56,7 +56,7 @@ func getSubject(ctx *context.Context) (string, string) {
return util.GetOwnerAndNameFromId(username) return util.GetOwnerAndNameFromId(username)
} }
func getObject(ctx *context.Context) (string, string) { func getObject(ctx *context.Context) (string, string, error) {
method := ctx.Request.Method method := ctx.Request.Method
path := ctx.Request.URL.Path path := ctx.Request.URL.Path
@@ -65,13 +65,13 @@ func getObject(ctx *context.Context) (string, string) {
if ctx.Input.Query("id") == "/" { if ctx.Input.Query("id") == "/" {
adapterId := ctx.Input.Query("adapterId") adapterId := ctx.Input.Query("adapterId")
if adapterId != "" { if adapterId != "" {
return util.GetOwnerAndNameFromIdNoCheck(adapterId) return util.GetOwnerAndNameFromIdWithError(adapterId)
} }
} else { } else {
// query == "?id=built-in/admin" // query == "?id=built-in/admin"
id := ctx.Input.Query("id") id := ctx.Input.Query("id")
if id != "" { if id != "" {
return util.GetOwnerAndNameFromIdNoCheck(id) return util.GetOwnerAndNameFromIdWithError(id)
} }
} }
} }
@@ -80,34 +80,33 @@ func getObject(ctx *context.Context) (string, string) {
// query == "?id=built-in/admin" // query == "?id=built-in/admin"
id := ctx.Input.Query("id") id := ctx.Input.Query("id")
if id != "" { if id != "" {
return util.GetOwnerAndNameFromIdNoCheck(id) return util.GetOwnerAndNameFromIdWithError(id)
} }
} }
owner := ctx.Input.Query("owner") owner := ctx.Input.Query("owner")
if owner != "" { if owner != "" {
return owner, "" return owner, "", nil
} }
return "", "" return "", "", nil
} else { } else {
if path == "/api/add-policy" || path == "/api/remove-policy" || path == "/api/update-policy" { if path == "/api/add-policy" || path == "/api/remove-policy" || path == "/api/update-policy" {
id := ctx.Input.Query("id") id := ctx.Input.Query("id")
if id != "" { if id != "" {
return util.GetOwnerAndNameFromIdNoCheck(id) return util.GetOwnerAndNameFromIdWithError(id)
} }
} }
body := ctx.Input.RequestBody body := ctx.Input.RequestBody
if len(body) == 0 { if len(body) == 0 {
return ctx.Request.Form.Get("owner"), ctx.Request.Form.Get("name") return ctx.Request.Form.Get("owner"), ctx.Request.Form.Get("name"), nil
} }
var obj Object var obj Object
err := json.Unmarshal(body, &obj) err := json.Unmarshal(body, &obj)
if err != nil { if err != nil {
// panic(err) return "", "", err
return "", ""
} }
if path == "/api/delete-resource" { if path == "/api/delete-resource" {
@@ -117,7 +116,7 @@ func getObject(ctx *context.Context) (string, string) {
} }
} }
return obj.Owner, obj.Name return obj.Owner, obj.Name, nil
} }
} }
@@ -183,7 +182,12 @@ func ApiFilter(ctx *context.Context) {
objOwner, objName := "", "" objOwner, objName := "", ""
if urlPath != "/api/get-app-login" && urlPath != "/api/get-resource" { if urlPath != "/api/get-app-login" && urlPath != "/api/get-resource" {
objOwner, objName = getObject(ctx) var err error
objOwner, objName, err = getObject(ctx)
if err != nil {
responseError(ctx, err.Error())
return
}
} }
if strings.HasPrefix(urlPath, "/api/notify-payment") { if strings.HasPrefix(urlPath, "/api/notify-payment") {

9
util/string.go
View File

@@ -131,6 +131,15 @@ func GetOwnerAndNameFromId(id string) (string, string) {
return tokens[0], tokens[1] return tokens[0], tokens[1]
} }
func GetOwnerAndNameFromIdWithError(id string) (string, string, error) {
tokens := strings.Split(id, "/")
if len(tokens) != 2 {
return "", "", errors.New("GetOwnerAndNameFromId() error, wrong token count for ID: " + id)
}
return tokens[0], tokens[1], nil
}
func GetOwnerFromId(id string) string { func GetOwnerFromId(id string) string {
tokens := strings.Split(id, "/") tokens := strings.Split(id, "/")
if len(tokens) != 2 { if len(tokens) != 2 {