Andreas/watchtower
1
0
Fork 0
mirror of https://github.com/containrrr/watchtower.git synced 2025-09-21 21:30:48 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix(api): return appropriate status for unauthorized requests (#1116)

Browse source
This commit is contained in:
Igor Zibarev 2021-11-12 14:16:24 +03:00 committed by GitHub
parent c0fd77d357
commit 81036b078b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 71 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

9
pkg/api/api.go
View file

@ -25,9 +25,12 @@ func New(token string) *API {
// RequireToken is wrapper around http.HandleFunc that checks token validity
func (api *API) RequireToken(fn http.HandlerFunc) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
if r.Header.Get("Authorization") != fmt.Sprintf("Bearer %s", api.Token) {
log.Tracef("Invalid token \"%s\"", r.Header.Get("Authorization"))
log.Tracef("Expected token to be \"%s\"", api.Token)
auth := r.Header.Get("Authorization")
want := fmt.Sprintf("Bearer %s", api.Token)
if auth != want {
log.Tracef("Invalid Authorization header \"%s\"", auth)
log.Tracef("Expected Authorization header to be \"%s\"", want)
w.WriteHeader(http.StatusUnauthorized)
return
}
log.Debug("Valid token found.")