From cf3a65f96abcc97ed9bfc81b1562054729aca3a8 Mon Sep 17 00:00:00 2001 From: Stuart Douglas Date: Sun, 24 Mar 2024 11:40:54 +1100 Subject: [PATCH] Don't run auth check for every log fragment --- pkg/api/server/v1alpha2/logs.go | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/pkg/api/server/v1alpha2/logs.go b/pkg/api/server/v1alpha2/logs.go index 3e08b2faa..3ede5d789 100644 --- a/pkg/api/server/v1alpha2/logs.go +++ b/pkg/api/server/v1alpha2/logs.go @@ -92,7 +92,7 @@ func getLogRecord(txn *gorm.DB, parent, result, name string) (*db.Record, error) // UpdateLog updates log record content func (s *Server) UpdateLog(srv pb.Logs_UpdateLogServer) error { - var name string + var name, parent, resultName, recordName string var bytesWritten int64 var rec *db.Record var object *v1alpha2.Log @@ -114,6 +114,14 @@ func (s *Server) UpdateLog(srv pb.Logs_UpdateLogServer) error { if name == "" { name = recv.GetName() s.logger.Debugf("receiving logs for %s", name) + parent, resultName, recordName, err = log.ParseName(name) + if err != nil { + return s.handleReturn(srv, rec, object, bytesWritten, err) + } + + if err := s.auth.Check(srv.Context(), parent, auth.ResourceLogs, auth.PermissionUpdate); err != nil { + return s.handleReturn(srv, rec, object, bytesWritten, err) + } } if name != recv.GetName() { err := fmt.Errorf("cannot put logs for multiple records in the same server") @@ -124,21 +132,11 @@ func (s *Server) UpdateLog(srv pb.Logs_UpdateLogServer) error { err) } - parent, resultName, recordName, err := log.ParseName(name) - if err != nil { - return s.handleReturn(srv, rec, object, bytesWritten, err) - } - - if err := s.auth.Check(srv.Context(), parent, auth.ResourceLogs, auth.PermissionUpdate); err != nil { - return s.handleReturn(srv, rec, object, bytesWritten, err) - } - if rec == nil { rec, err = getRecord(s.db.WithContext(srv.Context()), parent, resultName, recordName) if err != nil { return s.handleReturn(srv, rec, object, bytesWritten, err) } - } if stream == nil {