From edc38240a2e5fbd85255d0fad8afc6730546032e Mon Sep 17 00:00:00 2001 From: Ian Chen Date: Sun, 23 Jan 2022 14:55:11 +0000 Subject: [PATCH 1/3] add err handling on tenant feature --- backend/WebUI/api_webui.go | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/backend/WebUI/api_webui.go b/backend/WebUI/api_webui.go index 83a88476..e971f14d 100644 --- a/backend/WebUI/api_webui.go +++ b/backend/WebUI/api_webui.go @@ -94,7 +94,7 @@ func sendResponseToClientFilterTenant(c *gin.Context, response *http.Response, t tenantCheck := func(supi string) bool { for _, amData := range amDataList { - if supi == amData["ueId"] && tenantId == amData["tenantId"] { + if supi == amData["ueId"] { return true } } @@ -423,7 +423,7 @@ func ParseJWT(tokenStr string) jwt.MapClaims { // Check of admin user. This should be done with proper JWT token. func CheckAuth(c *gin.Context) bool { tokenStr := c.GetHeader("Token") - if tokenStr == "admin" { + if tokenStr == "admin" || tokenStr == "" { return true } else { return false @@ -834,6 +834,12 @@ func PostSubscriberByID(c *gin.Context) { var claims jwt.MapClaims = nil tokenStr := c.GetHeader("Token") + if tokenStr == "" { + c.JSON(http.StatusBadRequest, gin.H{ + "cause": "Illegal", + }) + return + } if tokenStr != "admin" { claims = ParseJWT(tokenStr) } From aa5a340b23efd6cb272bada3ecbe4d544b7a988e Mon Sep 17 00:00:00 2001 From: Jesse Tu Date: Mon, 24 Jan 2022 04:11:48 +0000 Subject: [PATCH 2/3] Handle illegal token --- backend/WebUI/api_webui.go | 75 +++++++++++++++++++++++++++++--------- go.mod | 1 + 2 files changed, 58 insertions(+), 18 deletions(-) diff --git a/backend/WebUI/api_webui.go b/backend/WebUI/api_webui.go index e971f14d..dc3b58b0 100644 --- a/backend/WebUI/api_webui.go +++ b/backend/WebUI/api_webui.go @@ -13,6 +13,7 @@ import ( "github.com/dgrijalva/jwt-go" "github.com/gin-gonic/gin" "github.com/google/uuid" + "github.com/pkg/errors" "go.mongodb.org/mongo-driver/bson" "golang.org/x/crypto/bcrypt" 
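Review bot: Dropping `&& tenantId == amData["tenantId"]` from tenantCheck means the closure now accepts any AM record whose ueId matches, regardless of tenant, so unless amDataList is already restricted to tenantId before this point (the query, like the function signature, is outside the hunk) a tenant can see subscribers that belong to another tenant. The commit message describes error handling and does not say why the tenant comparison was removed; if the reason is that amData["tenantId"] is stored under a different key or type, the comparison should be corrected rather than deleted. Suggested line: `if supi == amData["ueId"] && tenantId == amData["tenantId"] {`. If the list really is pre-filtered, a comment on the closure saying so would stop the next reader from re-adding the check.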
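Review bot: `if tokenStr == "admin" || tokenStr == ""` in CheckAuth grants admin to any request that simply omits the Token header, which turns every CheckAuth-protected route into an unauthenticated one for the lifetime of this commit. The second patch in this series reverts the line, so the two patches should be squashed so that no commit in history ships the bypass. Independently of that, a missing header must be treated as "not authenticated": `if tokenStr == "admin" {` is the only branch that should return true here.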
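Review bot: The new empty-token guard in PostSubscriberByID answers 400 with cause "Illegal", but an absent credential is a 401 Unauthorized condition, and a 400 here is indistinguishable from the JSON-binding failures further down. The guard also only catches the empty string; in this commit a non-empty but unverifiable token still reaches `claims = ParseJWT(tokenStr)`, whose parse error is discarded, so claims is nil from there on (the following patch reworks ParseJWT, but this commit on its own leaves that path open). Suggested status: `c.JSON(http.StatusUnauthorized, gin.H{"cause": "Illegal"})`.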
@@ -410,20 +411,24 @@ type AuthSub struct { } // Parse JWT -func ParseJWT(tokenStr string) jwt.MapClaims { - token, _ := jwt.Parse(tokenStr, func(token *jwt.Token) (interface{}, error) { +func ParseJWT(tokenStr string) (jwt.MapClaims, error) { + token, err := jwt.Parse(tokenStr, func(token *jwt.Token) (interface{}, error) { return []byte(os.Getenv("SIGNINGKEY")), nil }) + if err != nil { + return nil, errors.Wrap(err, "ParseJWT error") + } + claims, _ := token.Claims.(jwt.MapClaims) - return claims + return claims, nil } // Check of admin user. This should be done with proper JWT token. func CheckAuth(c *gin.Context) bool { tokenStr := c.GetHeader("Token") - if tokenStr == "admin" || tokenStr == "" { + if tokenStr == "admin" { return true } else { return false @@ -431,13 +436,16 @@ func CheckAuth(c *gin.Context) bool { } // Tenat ID -func GetTenantId(c *gin.Context) string { +func GetTenantId(c *gin.Context) (string, error) { tokenStr := c.GetHeader("Token") if tokenStr == "admin" { - return "" + return "", nil } - claims := ParseJWT(tokenStr) - return claims["tenantId"].(string) + claims, err := ParseJWT(tokenStr) + if err != nil { + return "", errors.Wrap(err, "GetTenantId error") + } + return claims["tenantId"].(string), nil } // Tenant @@ -737,8 +745,16 @@ func GetSubscribers(c *gin.Context) { tokenStr := c.GetHeader("Token") var claims jwt.MapClaims = nil + var err error = nil if tokenStr != "admin" { - claims = ParseJWT(tokenStr) + claims, err = ParseJWT(tokenStr) + } + if err != nil { + logger.WebUILog.Errorln(err.Error()) + c.JSON(http.StatusBadRequest, gin.H{ + "cause": "Illegal Token", + }) + return } var subsList []SubsListIE = make([]SubsListIE, 0) 
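Review bot: `return claims["tenantId"].(string), nil` in GetTenantId is a single-value type assertion, so a token that verifies but carries no tenantId claim (or a non-string one) panics the handler instead of returning the error the new signature was introduced for. The same line returns "" for a token whose tenantId claim is the empty string, and callers treat "" as the admin/no-filter case (see the `if tenantId == ""` branch in the GetRegisteredUEContext hunk of this patch), so an empty claim would bypass tenant filtering. Use the two-value assertion and reject empty values.

```go
	// … unchanged: "admin" short-circuit …
	claims, err := ParseJWT(tokenStr)
	if err != nil {
		return "", errors.Wrap(err, "GetTenantId error")
	}
	tenantId, ok := claims["tenantId"].(string)
	if !ok || tenantId == "" {
		return "", errors.New("GetTenantId error: missing tenantId claim")
	}
	return tenantId, nil
```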
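Review bot: GetSubscribers returns `http.StatusBadRequest` with cause "Illegal Token" when ParseJWT fails, but a credential that does not verify is a 401 Unauthorized condition, not a malformed request; `c.JSON(http.StatusUnauthorized, gin.H{"cause": "Illegal Token"})` lets clients and proxies treat it correctly. `var err error = nil` is the zero value spelled out — `var err error` is the idiom and staticcheck flags the explicit nil. The body of GetSubscribers continues past the hunk, so I cannot see how claims is used when the token is "admin" and claims stays nil.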
@@ -833,20 +849,27 @@ func PostSubscriberByID(c *gin.Context) { logger.WebUILog.Infoln("Post One Subscriber Data") var claims jwt.MapClaims = nil + var err error = nil tokenStr := c.GetHeader("Token") - if tokenStr == "" { + + if tokenStr != "admin" { + claims, err = ParseJWT(tokenStr) + } + if err != nil { + logger.WebUILog.Errorln(err.Error()) c.JSON(http.StatusBadRequest, gin.H{ - "cause": "Illegal", + "cause": "Illegal Token", }) return } - if tokenStr != "admin" { - claims = ParseJWT(tokenStr) - } var subsData SubsData if err := c.ShouldBindJSON(&subsData); err != nil { - logger.WebUILog.Panic(err.Error()) + logger.WebUILog.Errorf("PostSubscriberByID err: %v", err) + c.JSON(http.StatusBadRequest, gin.H{ + "cause": "JSON format incorrect", + }) + return } ueId := c.Param("ueId") @@ -930,7 +953,11 @@ func PutSubscriberByID(c *gin.Context) { var subsData SubsData if err := c.ShouldBindJSON(&subsData); err != nil { - logger.WebUILog.Panic(err.Error()) + logger.WebUILog.Errorf("PutSubscriberByID err: %v", err) + c.JSON(http.StatusBadRequest, gin.H{ + "cause": "JSON format incorrect", + }) + return } ueId := c.Param("ueId") @@ -1000,7 +1027,11 @@ func PatchSubscriberByID(c *gin.Context) { var subsData SubsData if err := c.ShouldBindJSON(&subsData); err != nil { - logger.WebUILog.Panic(err.Error()) + logger.WebUILog.Errorf("PatchSubscriberByID err: %v", err) + c.JSON(http.StatusBadRequest, gin.H{ + "cause": "JSON format incorrect", + }) + return } ueId := c.Param("ueId") @@ -1102,7 +1133,15 @@ func GetRegisteredUEContext(c *gin.Context) { } // Filter by tenant. - tenantId := GetTenantId(c) + tenantId, err := GetTenantId(c) + if err != nil { + logger.WebUILog.Errorln(err.Error()) + c.JSON(http.StatusBadRequest, gin.H{ + "cause": "Illegal Token", + }) + return + } + if tenantId == "" { sendResponseToClient(c, resp) } else { diff --git a/go.mod b/go.mod index 232f667c..a5cfe482 100644 --- a/go.mod +++ b/go.mod 
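Review bot: The Token preamble in PostSubscriberByID — `var claims`, `var err`, the `!= "admin"` branch and the "Illegal Token" response — is now the same nine lines as in GetSubscribers, and GetTenantId makes the same decision a third way; a small helper keeps the three from drifting, which has already happened once in this series. The `if err := c.ShouldBindJSON(...)` just below reuses the name err in a new scope, which is harmless here but is flagged by the shadow analyzer now that an outer `var err` sits above it. Suggested helper, with each handler reduced to `claims, err := claimsFromRequest(c)` followed by the existing error response:

```go
// claimsFromRequest returns nil claims for the literal "admin" token and the
// verified claims otherwise; an unverifiable token yields an error.
func claimsFromRequest(c *gin.Context) (jwt.MapClaims, error) {
	tokenStr := c.GetHeader("Token")
	if tokenStr == "admin" {
		return nil, nil
	}
	return ParseJWT(tokenStr)
}
```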
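Review bot: The new early return in GetRegisteredUEContext after `GetTenantId(c)` fails happens while resp (obtained above the hunk) is still live; if `resp.Body.Close()` is not already deferred before this point, the error path now leaks the upstream body — the request setup is outside the hunk, so please confirm. The same block answers 400 for a token that does not verify, where 401 is the accurate status. Note also that `tenantId == ""` is the unfiltered path, so whatever produces tenantId must never yield "" for a non-admin token; that guarantee belongs in GetTenantId, but a defensive `if tenantId == "" && c.GetHeader("Token") != "admin" { /* reject */ }` here would make the intent explicit.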
@@ -16,6 +16,7 @@ require ( github.com/gin-gonic/gin v1.6.3 github.com/google/uuid v1.3.0 github.com/mitchellh/mapstructure v1.4.0 + github.com/pkg/errors v0.9.1 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect github.com/sirupsen/logrus v1.7.0 github.com/urfave/cli v1.22.5 From 8ae7a085d83ee117e4c756e7fc53e27ffe0537ee Mon Sep 17 00:00:00 2001 From: Ian Chen Date: Fri, 21 Jan 2022 10:01:59 +0000 Subject: [PATCH 3/3] disable linter on tenantId matching --- backend/WebUI/api_webui.go | 2 +- frontend/src/pages/Users/UserOverview.js | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/backend/WebUI/api_webui.go b/backend/WebUI/api_webui.go index dc3b58b0..41b77b8a 100644 --- a/backend/WebUI/api_webui.go +++ b/backend/WebUI/api_webui.go @@ -7,8 +7,8 @@ import ( "net/http" "os" "reflect" - "time" "strings" + "time" "github.com/dgrijalva/jwt-go" "github.com/gin-gonic/gin" diff --git a/frontend/src/pages/Users/UserOverview.js b/frontend/src/pages/Users/UserOverview.js index 6422d992..34cc83e5 100644 --- a/frontend/src/pages/Users/UserOverview.js +++ b/frontend/src/pages/Users/UserOverview.js @@ -12,6 +12,7 @@ class UserOverview extends Component { }; async componentDidMount() { + //eslint-disable-next-line const tenantId = this.props.match.url.replace(/^.*[\\\/]/, ''); ApiHelper.fetchUsers(tenantId).then();
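Review bot: `github.com/pkg/errors v0.9.1 // indirect` is wrong as written, because api_webui.go now imports the package directly; `go mod tidy` drops the marker and should be run so go.sum is updated alongside. The only uses in this series are `errors.Wrap`, which the standard library covers with `fmt.Errorf("GetTenantId error: %w", err)` on Go 1.13 and later (the module's go directive is not in the hunk, so I cannot confirm the version); avoiding a new third-party dependency for a single wrap call is worth weighing before it spreads through the codebase. If the dependency stays, the line should read `github.com/pkg/errors v0.9.1`.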