Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(server): auth error fix bug #1459

Merged
merged 1 commit into from
Feb 27, 2025
Merged

fix(server): auth error fix bug #1459

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 5 additions & 13 deletions server/internal/app/app.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,24 +58,22 @@ func initEcho(ctx context.Context, cfg *ServerConfig) *echo.Echo {
}

// auth
authConfig := cfg.Config.JWTProviders()
log.Infof("auth: config: %#v", authConfig)

var wrapHandler func(http.Handler) http.Handler
if cfg.Config.UseMockAuth() {
log.Infof("Using mock auth for local development")
wrapHandler = func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {

ctx := r.Context()
ctx = adapter.AttachMockAuth(ctx, true)
next.ServeHTTP(w, r.WithContext(ctx))
})
}
} else {
authConfig := cfg.Config.JWTProviders()
log.Infof("auth: config: %#v", authConfig)
if cfg.Config.AuthSrv.Disabled {
wrapHandler = lo.Must(AuthMiddlewareDummy())
} else {
wrapHandler = lo.Must(appx.AuthMiddleware(authConfig, adapter.ContextAuthInfo, true))
}
wrapHandler = lo.Must(appx.AuthMiddleware(authConfig, adapter.ContextAuthInfo, true))
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Verification agent

🧩 Analysis chain

Be cautious with lo.Must() as it may panic

Using lo.Must() will cause the application to panic if appx.AuthMiddleware returns an error. Consider handling the error explicitly to ensure graceful failure, especially since this is in the server initialization path.

🏁 Script executed:

#!/bin/bash
# Check how appx.AuthMiddleware handles errors and if lo.Must is used elsewhere
rg -A 2 -B 2 "appx.AuthMiddleware" --type go
rg "lo.Must" --type go

Length of output: 5549

Critical: Address Potential Panic in Server Initialization

The call to lo.Must(appx.AuthMiddleware(authConfig, adapter.ContextAuthInfo, true)) on line 76 can cause the server to panic if an error is returned, leading to an abrupt startup failure. While lo.Must is used in various places (especially in tests), it's not ideal for production initialization. Please consider refactoring this section to handle errors explicitly (for example, by checking the error, logging it, and shutting down gracefully) to ensure a more reliable startup.

• File: server/internal/app/app.go, line 76

}

e.Use(echo.WrapMiddleware(wrapHandler))
Expand Down Expand Up @@ -161,12 +159,6 @@ func initEcho(ctx context.Context, cfg *ServerConfig) *echo.Echo {
return e
}

func AuthMiddlewareDummy() (func(http.Handler) http.Handler, error) {
return func(next http.Handler) http.Handler {
return next
}, nil
}

func errorHandler(next func(error, echo.Context)) func(error, echo.Context) {
return func(err error, c echo.Context) {
if c.Response().Committed {
Expand Down
Loading