From 9096f941261255ca1382d0b4398986a0cb778dc0 Mon Sep 17 00:00:00 2001 From: Filip Barl Date: Mon, 25 Feb 2019 14:49:31 +0100 Subject: [PATCH 1/2] Add middleware for conditional Scope report censoring. --- authfe/routes.go | 9 +++++++-- users/client/middleware.go | 26 ++++++++++++++++++++++++++ 2 files changed, 33 insertions(+), 2 deletions(-) diff --git a/authfe/routes.go b/authfe/routes.go index 6fde2cebe..512566c6d 100644 --- a/authfe/routes.go +++ b/authfe/routes.go @@ -133,6 +133,11 @@ func routes(c Config, authenticator users.UsersClient, ghIntegration *users_clie Secret: c.gcpSSOSecret, } + scopeCensorMiddleware := users_client.ScopeCensorMiddleware{ + UsersClient: authenticator, + UserIDHeader: userIDHeader, + } + userPermissionsMiddleware := users_client.UserPermissionsMiddleware{ UsersClient: authenticator, UserIDHeader: userIDHeader, @@ -239,8 +244,8 @@ func routes(c Config, authenticator users.UsersClient, ghIntegration *users_clie MiddlewarePrefix{ "/api/app/{orgExternalID}", []PrefixRoutable{ - Prefix{"/api/report", c.queryHost}, - Prefix{"/api/topology", c.queryHost}, + Prefix{"/api/report", scopeCensorMiddleware.Wrap(c.queryHost)}, + Prefix{"/api/topology", scopeCensorMiddleware.Wrap(c.queryHost)}, Prefix{"/api/control", c.controlHost}, Prefix{"/api/pipe", c.pipeHost}, // API to insert deploy key requires GH token. Insert token with middleware. diff --git a/users/client/middleware.go b/users/client/middleware.go index b816fbe43..6db106479 100644 --- a/users/client/middleware.go +++ b/users/client/middleware.go @@ -22,6 +22,7 @@ import ( "github.com/weaveworks/service/common/constants/webhooks" "github.com/weaveworks/service/common/featureflag" httpUtil "github.com/weaveworks/service/common/http" + "github.com/weaveworks/service/common/permission" "github.com/weaveworks/service/common/tracing" "github.com/weaveworks/service/users" "github.com/weaveworks/service/users/tokens" @@ -452,3 +453,28 @@ func (a UserPermissionsMiddleware) Wrap(next http.Handler) http.Handler { next.ServeHTTP(w, r) }) } + +// ScopeCensorMiddleware is a middleware.Interface which passes +// certain query params to Scope API depending on user permissions. +type ScopeCensorMiddleware struct { + UsersClient users.UsersClient + UserIDHeader string +} + +// Wrap implements middleware.Interface +func (a ScopeCensorMiddleware) Wrap(next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + // If the user has no permission to view the token, we tell Scope to hide all the sensitive data for the request. + if _, err := a.UsersClient.RequireOrgMemberPermissionTo(r.Context(), &users.RequireOrgMemberPermissionToRequest{ + OrgID: &users.RequireOrgMemberPermissionToRequest_OrgExternalID{mux.Vars(r)["orgExternalID"]}, + UserID: r.Header.Get(a.UserIDHeader), + PermissionID: permission.ViewToken, + }); err != nil { + q := r.URL.Query() + q.Add("hideCommandLineArguments", "true") + q.Add("hideEnvironmentVariables", "true") + r.URL.RawQuery = q.Encode() + } + next.ServeHTTP(w, r) + }) +} From c32f3e7d6e28a986e13ea4c4aebdbc5c94876b39 Mon Sep 17 00:00:00 2001 From: Filip Barl Date: Tue, 26 Feb 2019 12:18:44 +0100 Subject: [PATCH 2/2] Set Scope censor query params instead of adding them. --- users/client/middleware.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/users/client/middleware.go b/users/client/middleware.go index 6db106479..338f473c0 100644 --- a/users/client/middleware.go +++ b/users/client/middleware.go @@ -471,8 +471,8 @@ func (a ScopeCensorMiddleware) Wrap(next http.Handler) http.Handler { PermissionID: permission.ViewToken, }); err != nil { q := r.URL.Query() - q.Add("hideCommandLineArguments", "true") - q.Add("hideEnvironmentVariables", "true") + q.Set("hideCommandLineArguments", "true") + q.Set("hideEnvironmentVariables", "true") r.URL.RawQuery = q.Encode() } next.ServeHTTP(w, r)