fix: relax auth checks to defer to auth svc
aarlaud committed Feb 3, 2025
1 parent 576005a commit 53b1431
Showing 2 changed files with 3 additions and 9 deletions.
1 change: 1 addition & 0 deletions lib/client/auth/brokerServerConnection.ts
@@ -42,6 +42,7 @@ export const renewBrokerServerConnection = async (
headers: {
authorization: brokerServerConnectionParams.authorization,
'user-agent': `Snyk Broker Client ${version}`,
'Content-type': 'application/vnd.api+json',
},
method: 'POST',
body: JSON.stringify(body),
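Review bot: The new header key `'Content-type'` is mixed-case while the other keys in this object (`authorization`, `'user-agent'`) are lowercase. Header names are case-insensitive on the wire, so this is a style point only, but `'content-type': 'application/vnd.api+json',` keeps the object consistent and avoids a second, differently-cased key if a lowercase `content-type` is ever merged into these headers. The enclosing request call starts and ends outside the hunk.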
11 changes: 2 additions & 9 deletions lib/server/routesHandlers/authHandlers.ts
@@ -1,7 +1,6 @@
import { Request, Response } from 'express';
import { validateBrokerClientCredentials } from '../auth/authHelpers';
import { log as logger } from '../../logs/logger';
import { validate } from 'uuid';
import { getSocketConnectionByIdentifier } from '../socket';
import { maskToken } from '../../common/utils/token';
interface BrokerConnectionAuthRequest {
@@ -19,21 +18,15 @@ export const authRefreshHandler = async (req: Request, res: Response) => {
const role = req.query['connection_role'];
const credentials = `${credentialsFromHeader}`;
const brokerAppClientId =
req.headers[`${process.env.SNYK_INTERNAL_AUTH_CLIENT_ID_HEADER}`];
req.headers[`${process.env.SNYK_INTERNAL_AUTH_CLIENT_ID_HEADER}`] ??
'not available';
const identifier = req.params.identifier;
logger.debug(
{ maskedToken: maskToken(identifier), brokerAppClientId, role },
`Auth Refresh`,
);
const body = JSON.parse(req.body.toString()) as BrokerConnectionAuthRequest;
const brokerClientId = body.data.attributes.broker_client_id;
if (!validate(brokerClientId) || !validate(brokerAppClientId)) {
logger.warn(
{ identifier, brokerClientId, brokerAppClientId },
'Invalid credentials',
);
return res.status(401).send('Invalid parameters or credentials.');
}

const connection = getSocketConnectionByIdentifier(identifier);
const currentClient = connection
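Review bot: With the `validate()` guard removed, `brokerClientId` comes straight from `JSON.parse(req.body.toString())` behind only an `as BrokerConnectionAuthRequest` cast, so a body without `data.attributes` throws inside this async handler and a non-string value is carried into the code below the hunk, presumably including the auth service call. Deferring the format policy to the auth service is reasonable, but a cheap shape check should stay at this boundary, e.g. `if (typeof brokerClientId !== 'string' || brokerClientId.length === 0) return res.status(401).send('Invalid parameters or credentials.');`. The `?? 'not available'` fallback also turns a missing client-id header into a sentinel string that later code cannot tell apart from a real value, and `req.headers[...]` can be a `string[]`; if the fallback is only meant for the debug log, apply it inside the `logger.debug` call and keep the raw value for any downstream use. The handler body continues outside the hunk, so how these values are consumed is not visible here.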
