all: Move authorization middlewares before rate limiting middlewares

TheThingsNetwork · Nov 21, 2023 · a3237d3 · a3237d3
1 parent 17a2d7e
commit a3237d3
Show file tree

Hide file tree

Showing 4 changed files with 3 additions and 15 deletions.
diff --git a/pkg/basicstation/cups/server.go b/pkg/basicstation/cups/server.go
@@ -33,7 +33,6 @@ import (
 	"go.thethings.network/lorawan-stack/v3/pkg/web"
 	"golang.org/x/sync/singleflight"
 	"google.golang.org/grpc"
-	"google.golang.org/grpc/metadata"
 )
 
 // Server implements the Basic Station Configuration and Update Server.
@@ -184,17 +183,6 @@ func (s *Server) RegisterRoutes(web *web.Server) {
 	router.Path("/update-info").HandlerFunc(s.UpdateInfo).Methods(http.MethodPost)
 }
 
-func getContext(r *http.Request) context.Context {
-	ctx := r.Context()
-	md := metadata.New(map[string]string{
-		"authorization": r.Header.Get("Authorization"),
-	})
-	if ctxMd, ok := metadata.FromIncomingContext(ctx); ok {
-		md = metadata.Join(ctxMd, md)
-	}
-	return metadata.NewIncomingContext(ctx, md)
-}
-
 var errNoTrust = errors.DefineInternal("no_trust", "no trusted certificate found")
 
 // parseAddress parses a CUPS or LNS address.

diff --git a/pkg/console/internal/events/events.go b/pkg/console/internal/events/events.go
@@ -62,9 +62,9 @@ func (h *eventsHandler) RegisterRoutes(server *web.Server) {
 	router := server.APIRouter().PathPrefix(ttnpb.HTTPAPIPrefix + "/console/internal/events/").Subrouter()
 	router.Use(
 		mux.MiddlewareFunc(webmiddleware.Namespace("console/internal/events")),
-		ratelimit.HTTPMiddleware(h.component.RateLimiter(), "http:console:internal:events"),
 		mux.MiddlewareFunc(middleware.ProtocolAuthentication(authorizationProtocolPrefix)),
 		mux.MiddlewareFunc(webmiddleware.Metadata("Authorization")),
+		ratelimit.HTTPMiddleware(h.component.RateLimiter(), "http:console:internal:events"),
 	)
 	router.Path("/").HandlerFunc(h.handleEvents).Methods(http.MethodGet)
 }

diff --git a/pkg/gatewayconfigurationserver/http.go b/pkg/gatewayconfigurationserver/http.go
@@ -38,8 +38,8 @@ func (s *Server) RegisterRoutes(server *web.Server) {
 	router := server.Prefix(ttnpb.HTTPAPIPrefix + "/gcs/gateways/{gateway_id}/").Subrouter()
 	router.Use(
 		mux.MiddlewareFunc(webmiddleware.Namespace("gatewayconfigurationserver")),
-		ratelimit.HTTPMiddleware(s.Component.RateLimiter(), "http:gcs"),
 		mux.MiddlewareFunc(webmiddleware.Metadata("Authorization")),
+		ratelimit.HTTPMiddleware(s.Component.RateLimiter(), "http:gcs"),
 		validateAndFillIDs,
 	)
 	if s.config.RequireAuth {

diff --git a/pkg/gatewayconfigurationserver/v2/server.go b/pkg/gatewayconfigurationserver/v2/server.go
@@ -84,9 +84,9 @@ func (s *Server) RegisterRoutes(server *web.Server) {
 
 	middleware := []webmiddleware.MiddlewareFunc{
 		webmiddleware.Namespace("gatewayconfigurationserver/v2"),
-		ratelimit.HTTPMiddleware(s.component.RateLimiter(), "http:gcs"),
 		rewriteAuthorization,
 		webmiddleware.Metadata("Authorization"),
+		ratelimit.HTTPMiddleware(s.component.RateLimiter(), "http:gcs"),
 	}
 
 	router.Handle(