alexvanin/certificates
1
0
Fork 0
forked from TrueCloudLab/certificates
Code Pull requests Activity

Error handle non existent provisioner downstream and disable debug route logging

Browse source
This commit is contained in:
max furman 2021-04-14 15:35:43 -07:00
parent 497ec0c79b
commit 93c3c2bf2e
3 changed files with 28 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
acme/api/middleware.go
View file

@ -87,14 +87,14 @@ func (h *Handler) addDirLink(next nextHTTP) nextHTTP {
// application/jose+json. // application/jose+json.
func (h *Handler) verifyContentType(next nextHTTP) nextHTTP { func (h *Handler) verifyContentType(next nextHTTP) nextHTTP {
return func(w http.ResponseWriter, r *http.Request) { return func(w http.ResponseWriter, r *http.Request) {
var ( var expected []string
expected []string p, err := provisionerFromContext(r.Context())
provName string if err != nil {
) api.WriteError(w, err)
if p, err := provisionerFromContext(r.Context()); err == nil && p != nil { return
provName = p.GetName()
} }
u := url.URL{Path: h.linker.GetUnescapedPathSuffix(CertificateLinkType, provName, "")}
u := url.URL{Path: h.linker.GetUnescapedPathSuffix(CertificateLinkType, p.GetName(), "")}
if strings.Contains(r.URL.String(), u.EscapedPath()) { if strings.Contains(r.URL.String(), u.EscapedPath()) {
// GET /certificate requests allow a greater range of content types. // GET /certificate requests allow a greater range of content types.
expected = []string{"application/jose+json", "application/pkix-cert", "application/pkcs7-mime"} expected = []string{"application/jose+json", "application/pkix-cert", "application/pkcs7-mime"}

12
acme/api/middleware_test.go
View file

@ -240,6 +240,18 @@ func TestHandler_verifyContentType(t *testing.T) {
url string url string
} }
var tests = map[string]func(t *testing.T) test{ var tests = map[string]func(t *testing.T) test{
"fail/provisioner-not-set": func(t *testing.T) test {
return test{
h: Handler{
linker: NewLinker("dns", "acme"),
},
url: url,
ctx: context.Background(),
contentType: "foo",
statusCode: 500,
err: acme.NewErrorISE("provisioner expected in request context"),
}
},
"fail/general-bad-content-type": func(t *testing.T) test { "fail/general-bad-content-type": func(t *testing.T) test {
return test{ return test{
h: Handler{ h: Handler{

16
ca/ca.go
View file

@ -168,13 +168,15 @@ func (ca *CA) Init(config *authority.Config) (*CA, error) {
}) })
// helpful routine for logging all routes // // helpful routine for logging all routes //
walkFunc := func(method string, route string, handler http.Handler, middlewares ...func(http.Handler) http.Handler) error { /*
fmt.Printf("%s %s\n", method, route) walkFunc := func(method string, route string, handler http.Handler, middlewares ...func(http.Handler) http.Handler) error {
return nil fmt.Printf("%s %s\n", method, route)
} return nil
if err := chi.Walk(mux, walkFunc); err != nil { }
fmt.Printf("Logging err: %s\n", err.Error()) if err := chi.Walk(mux, walkFunc); err != nil {
} fmt.Printf("Logging err: %s\n", err.Error())
}
*/
// Add monitoring if configured // Add monitoring if configured
if len(config.Monitoring) > 0 { if len(config.Monitoring) > 0 {