fix: Improve deny logic

Co-Authored-By: Sebastián Vargas <[email protected]>
freepik-company · Aug 26, 2024 · 3961574 · 3961574
1 parent 62a5b0e
commit 3961574
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 31 deletions.
diff --git a/charts/doorkeeper/Chart.yaml b/charts/doorkeeper/Chart.yaml
@@ -4,7 +4,7 @@ type: application
 description: >-
   A Helm chart for Doorkeeper, a tiny HTTP server to be used as 
   external authentication service for Envoy 
-version: &chartVersion 0.1.5
+version: &chartVersion 0.1.6
 appVersion: *chartVersion
 kubeVersion: ">=1.22.0-0"
 home: https://github.com/freepik-company/doorkeeper

diff --git a/charts/doorkeeper/values.yaml b/charts/doorkeeper/values.yaml
@@ -74,7 +74,7 @@ server:
     repository: ghcr.io/freepik-company/doorkeeper
     pullPolicy: IfNotPresent
     # Overrides the image tag whose default is the chart appVersion.
-    tag: "v0.1.0"
+    tag: ""
 
   imagePullSecrets: []
 

diff --git a/internal/httpserver/httpserver.go b/internal/httpserver/httpserver.go
@@ -53,22 +53,25 @@ func NewHttpServer() *HttpServer {
 
 func (s *HttpServer) handleRequest(response http.ResponseWriter, request *http.Request) {
 	globals.Application.Logger.Infof(
-		"handle request {authorizationType '%s', host: '%s', path: '%s', headers '%v'}", 
+		"handle request {authorizationType '%s', host: '%s', path: '%s', query: %s, headers '%v'}", 
 		authorizationType,
 		request.Host,
 		request.URL.Path, 
+		request.URL.RawQuery,
 		request.Header,
 	)
 
 	var err error
 	defer func(){
 		if err != nil {
 			globals.Application.Logger.Errorf(
-				"denied request {authorizationType '%s', host: '%s', path: '%s', headers '%v'}", 
+				"denied request {authorizationType '%s', host: '%s', path: '%s', query: %s, headers '%v'}: %s", 
 				authorizationType,
 				request.Host,
 				request.URL.Path, 
+				request.URL.RawQuery,
 				request.Header,
+				err.Error(),
 			)
 			response.Header().Set(resultHeader, resultDenied)
 			response.WriteHeader(http.StatusForbidden)
@@ -79,14 +82,7 @@ func (s *HttpServer) handleRequest(response http.ResponseWriter, request *http.R
 	//
 	body, err := io.ReadAll(request.Body)
 	if err != nil {
-		globals.Application.Logger.Errorf(
-			"unable to read request body {authorizationType '%s', host: '%s', path: '%s', headers '%v'}: %s", 
-			authorizationType, 
-			request.Host, 
-			request.URL.Path, 
-			request.Header, 
-			err.Error(),
-		)
+		globals.Application.Logger.Errorf("unable to read request body: %s", err.Error())
 		return
 	}
 
@@ -106,31 +102,29 @@ func (s *HttpServer) handleRequest(response http.ResponseWriter, request *http.R
 		if hmacType == "url" {
 			valid, err = hmac.ValidateTokenUrl(token, hmacEncryptionKey, hmacEncryptionArgotithm, pathParts[0])
 			if err != nil {
-				globals.Application.Logger.Errorf(
-					"unable to validate token in request {authorizationType '%s', host: '%s', path: '%s', headers '%v'}: %s", 
-					authorizationType, 
-					request.Host, 
-					request.URL.Path, 
-					request.Header, 
-					err.Error(),
-				)
+				err = fmt.Errorf("unable to validate token in request: %s", err.Error())
 				return
 			}
 		}
 	}
 
-	if valid {
-		globals.Application.Logger.Infof(
-			"allowed request {host: '%s', path: '%s', headers '%v'}", 
-			request.Host, 
-			request.URL.Path, 
-			request.Header,
-		)
-
-		response.Header().Set(resultHeader, resultAllowed)
-		response.WriteHeader(http.StatusOK)
-		err = nil
+	if !valid {
+		err = fmt.Errorf("invalid token in request")		
+		return 
 	}
+
+	globals.Application.Logger.Infof(
+		"allowed request {authorizationType '%s', host: '%s', path: '%s', query: %s, headers '%v'}", 
+		authorizationType,
+		request.Host, 
+		request.URL.Path, 
+		request.URL.RawQuery,
+		request.Header,
+	)
+
+	response.Header().Set(resultHeader, resultAllowed)
+	response.WriteHeader(http.StatusOK)
+	err = nil
 }
 
 func (s *HttpServer) Run(httpAddr string) {