From af2daf28864ac0cc765933b4ee52a8a68901aee6 Mon Sep 17 00:00:00 2001 From: candysmurf <77.ears@gmail.com> Date: Mon, 12 Jun 2017 12:18:55 -0700 Subject: [PATCH] Fixed #1660: better not authorized handling for API V2 --- mgmt/rest/server.go | 2 +- mgmt/rest/v2/api.go | 28 ++++++++++++------------ mgmt/rest/v2/error.go | 13 +++++++++++ swagger.json | 50 +++++++++++++++++++++++++++++++------------ 4 files changed, 64 insertions(+), 29 deletions(-) diff --git a/mgmt/rest/server.go b/mgmt/rest/server.go index 9a7904ea7..1676c9efe 100644 --- a/mgmt/rest/server.go +++ b/mgmt/rest/server.go @@ -174,7 +174,7 @@ func (s *Server) authMiddleware(rw http.ResponseWriter, r *http.Request, next ht if ok && password == s.authpwd { next(rw, r) } else { - http.Error(rw, "Not Authorized", 401) + v2.Write(401, v2.UnauthError{Code: 401, Message: "Not authorized. Please specify the same password that used to start snapteld. E.g: [snaptel -p plugin list] or [curl http://localhost:8181/v2/plugins -u snap]"}, rw) } } else { next(rw, r) diff --git a/mgmt/rest/v2/api.go b/mgmt/rest/v2/api.go index 3bd035ea2..23746a6ad 100644 --- a/mgmt/rest/v2/api.go +++ b/mgmt/rest/v2/api.go @@ -69,7 +69,7 @@ func (s *apiV2) GetRoutes() []api.Route { // // Responses: // 200: PluginsResponse - // 401: ErrorResponse + // 401: UnauthResponse api.Route{Method: "GET", Path: prefix + "/plugins", Handle: s.getPlugins}, // swagger:route GET /plugins/{ptype}/{pname}/{pversion} plugins getPlugin // @@ -87,7 +87,7 @@ func (s *apiV2) GetRoutes() []api.Route { // 400: ErrorResponse // 404: ErrorResponse // 500: ErrorResponse - // 401: ErrorResponse + // 401: UnauthResponse api.Route{Method: "GET", Path: prefix + "/plugins/:type/:name/:version", Handle: s.getPlugin}, // swagger:route POST /plugins plugins loadPlugin // 
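Review bot: The new 401 branch in authMiddleware (`v2.Write(401, v2.UnauthError{...}, rw)`) sends its JSON body with no `WWW-Authenticate` challenge in the visible lines, which RFC 7235 expects on a 401 and which Basic-auth clients use to prompt for credentials. Unless the header is set in the part of the function outside this hunk, add `rw.Header().Set("WWW-Authenticate", "Basic realm=\"<realm>\"")` before the write. The hint text gives `curl http://localhost:8181/v2/plugins -u snap` as its example, which is Basic credentials over plain HTTP, so the message should say that TLS needs to be enabled for anything beyond localhost. The unchanged guard `password == s.authpwd` is a non-constant-time comparison, and `subtle.ConstantTimeCompare([]byte(password), []byte(s.authpwd)) == 1` is the usual replacement. Since this middleware lives in mgmt/rest rather than in v2, it presumably guards other API versions too, whose clients would now get a v2-shaped body; worth confirming.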
@@ -109,7 +109,7 @@ func (s *apiV2) GetRoutes() []api.Route { // 409: ErrorResponse // 415: ErrorResponse // 500: ErrorResponse - // 401: ErrorResponse + // 401: UnauthResponse api.Route{Method: "POST", Path: prefix + "/plugins", Handle: s.loadPlugin}, // swagger:route DELETE /plugins/{ptype}/{pname}/{pversion} plugins unloadPlugin // @@ -128,7 +128,7 @@ func (s *apiV2) GetRoutes() []api.Route { // 404: ErrorResponse // 409: ErrorResponse // 500: ErrorResponse - // 401: ErrorResponse + // 401: UnauthResponse api.Route{Method: "DELETE", Path: prefix + "/plugins/:type/:name/:version", Handle: s.unloadPlugin}, // swagger:route GET /plugins/{ptype}/{pname}/{pversion}/config plugins getPluginConfigItem // @@ -144,7 +144,7 @@ func (s *apiV2) GetRoutes() []api.Route { // Responses: // 200: PluginConfigResponse // 400: ErrorResponse - // 401: ErrorResponse + // 401: UnauthResponse api.Route{Method: "GET", Path: prefix + "/plugins/:type/:name/:version/config", Handle: s.getPluginConfigItem}, // swagger:route PUT /plugins/{ptype}/{pname}/{pversion}/config plugins setPluginConfigItem // @@ -163,7 +163,7 @@ func (s *apiV2) GetRoutes() []api.Route { // Responses: // 200: PluginConfigResponse // 400: ErrorResponse - // 401: ErrorResponse + // 401: UnauthResponse api.Route{Method: "PUT", Path: prefix + "/plugins/:type/:name/:version/config", Handle: s.setPluginConfigItem}, // swagger:route DELETE /plugins/{ptype}/{pname}/{pversion}/config plugins deletePluginConfigItem // @@ -182,7 +182,7 @@ func (s *apiV2) GetRoutes() []api.Route { // Responses: // 200: PluginConfigResponse // 400: ErrorResponse - // 401: ErrorResponse + // 401: UnauthResponse api.Route{Method: "DELETE", Path: prefix + "/plugins/:type/:name/:version/config", Handle: s.deletePluginConfigItem}, // swagger:route GET /metrics plugins getMetrics // 
@@ -199,7 +199,7 @@ func (s *apiV2) GetRoutes() []api.Route { // 200: MetricsResponse // 404: ErrorResponse // 500: ErrorResponse - // 401: ErrorResponse + // 401: UnauthResponse api.Route{Method: "GET", Path: prefix + "/metrics", Handle: s.getMetrics}, // swagger:route GET /tasks tasks getTasks // @@ -214,7 +214,7 @@ func (s *apiV2) GetRoutes() []api.Route { // // Responses: // 200: TasksResponse - // 401: ErrorResponse + // 401: UnauthResponse api.Route{Method: "GET", Path: prefix + "/tasks", Handle: s.getTasks}, // swagger:route GET /tasks/{id} tasks getTask // @@ -230,7 +230,7 @@ func (s *apiV2) GetRoutes() []api.Route { // Responses: // 200: TaskResponse // 404: ErrorResponse - // 401: ErrorResponse + // 401: UnauthResponse api.Route{Method: "GET", Path: prefix + "/tasks/:id", Handle: s.getTask}, // swagger:route GET /tasks/{id}/watch tasks watchTask // @@ -247,7 +247,7 @@ func (s *apiV2) GetRoutes() []api.Route { // 200: TaskWatchResponse // 404: ErrorResponse // 500: ErrorResponse - // 401: ErrorResponse + // 401: UnauthResponse api.Route{Method: "GET", Path: prefix + "/tasks/:id/watch", Handle: s.watchTask}, // swagger:route POST /tasks tasks addTask // @@ -266,7 +266,7 @@ func (s *apiV2) GetRoutes() []api.Route { // Responses: // 201: TaskResponse // 500: ErrorResponse - // 401: ErrorResponse + // 401: UnauthResponse api.Route{Method: "POST", Path: prefix + "/tasks", Handle: s.addTask}, // swagger:route PUT /tasks/{id} tasks updateTaskState // @@ -287,7 +287,7 @@ func (s *apiV2) GetRoutes() []api.Route { // 400: ErrorResponse // 409: ErrorResponse // 500: ErrorResponse - // 401: ErrorResponse + // 401: UnauthResponse api.Route{Method: "PUT", Path: prefix + "/tasks/:id", Handle: s.updateTaskState}, // swagger:route DELETE /tasks/{id} tasks removeTask // 
@@ -304,7 +304,7 @@ func (s *apiV2) GetRoutes() []api.Route { // 204: TaskResponse // 404: ErrorResponse // 500: TaskErrorResponse - // 401: ErrorResponse + // 401: UnauthResponse api.Route{Method: "DELETE", Path: prefix + "/tasks/:id", Handle: s.removeTask}, } return routes diff --git a/mgmt/rest/v2/error.go b/mgmt/rest/v2/error.go index 1ccddcad0..ea2a3f5a5 100644 --- a/mgmt/rest/v2/error.go +++ b/mgmt/rest/v2/error.go @@ -50,6 +50,19 @@ type ErrorResponse struct { SnapError Error `json: "snap_error"` } +// UnauthResponse returns Unauthorized error struct message. +// swagger:response UnauthResponse +type UnauthResponse struct { + // in:body + Unauth UnauthError `json:"unauth"` +} + +// UnauthError defines the error type of an unauthorized response. +type UnauthError struct { + Code int `json:"code"` + Message string `json:"message"` +} + // Unsuccessful generic response to a failed API call type Error struct { ErrorMessage string `json:"message"` diff --git a/swagger.json b/swagger.json index a6158d679..4fa492127 100644 --- a/swagger.json +++ b/swagger.json @@ -63,7 +63,7 @@ "$ref": "#/responses/MetricsResponse" }, "401": { - "$ref": "#/responses/ErrorResponse" + "$ref": "#/responses/UnauthResponse" }, "404": { "$ref": "#/responses/ErrorResponse" @@ -119,7 +119,7 @@ "$ref": "#/responses/PluginsResponse" }, "401": { - "$ref": "#/responses/ErrorResponse" + "$ref": "#/responses/UnauthResponse" } } }, @@ -157,7 +157,7 @@ "$ref": "#/responses/ErrorResponse" }, "401": { - "$ref": "#/responses/ErrorResponse" + "$ref": "#/responses/UnauthResponse" }, "409": { "$ref": "#/responses/ErrorResponse" @@ -223,7 +223,7 @@ "$ref": "#/responses/ErrorResponse" }, "401": { - "$ref": "#/responses/ErrorResponse" + "$ref": "#/responses/UnauthResponse" }, "404": { "$ref": "#/responses/ErrorResponse" 
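Review bot: The new `UnauthResponse` and `UnauthError` types in mgmt/rest/v2/error.go do not document the wire shape of the 401 body, and the wrapper field's tag `json:"unauth"` suggests a key that does not appear to be sent. server.go passes a bare `v2.UnauthError` to `v2.Write`, and swagger.json points the response schema straight at `#/definitions/UnauthError`, so the body looks like `{"code":…,"message":…}`. A field comment such as `// Unauth is the response body; it is serialized directly, not under an "unauth" key.` would keep client authors from keying on the tag. The doc comment on `UnauthError` could also state that `Code` mirrors the HTTP status. Separately, the tag on the context line for `SnapError` has a space after `json:`, which encoding/json will not parse as a tag; that line is not part of this change but is worth a follow-up.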
@@ -284,7 +284,7 @@ "$ref": "#/responses/ErrorResponse" }, "401": { - "$ref": "#/responses/ErrorResponse" + "$ref": "#/responses/UnauthResponse" }, "404": { "$ref": "#/responses/ErrorResponse" @@ -350,7 +350,7 @@ "$ref": "#/responses/ErrorResponse" }, "401": { - "$ref": "#/responses/ErrorResponse" + "$ref": "#/responses/UnauthResponse" } } }, @@ -419,7 +419,7 @@ "$ref": "#/responses/ErrorResponse" }, "401": { - "$ref": "#/responses/ErrorResponse" + "$ref": "#/responses/UnauthResponse" } } }, @@ -489,7 +489,7 @@ "$ref": "#/responses/ErrorResponse" }, "401": { - "$ref": "#/responses/ErrorResponse" + "$ref": "#/responses/UnauthResponse" } } } @@ -514,7 +514,7 @@ "$ref": "#/responses/TasksResponse" }, "401": { - "$ref": "#/responses/ErrorResponse" + "$ref": "#/responses/UnauthResponse" } } }, @@ -552,7 +552,7 @@ "$ref": "#/responses/TaskResponse" }, "401": { - "$ref": "#/responses/ErrorResponse" + "$ref": "#/responses/UnauthResponse" }, "500": { "$ref": "#/responses/ErrorResponse" @@ -589,7 +589,7 @@ "$ref": "#/responses/TaskResponse" }, "401": { - "$ref": "#/responses/ErrorResponse" + "$ref": "#/responses/UnauthResponse" }, "404": { "$ref": "#/responses/ErrorResponse" @@ -638,7 +638,7 @@ "$ref": "#/responses/ErrorResponse" }, "401": { - "$ref": "#/responses/ErrorResponse" + "$ref": "#/responses/UnauthResponse" }, "409": { "$ref": "#/responses/ErrorResponse" @@ -676,7 +676,7 @@ "$ref": "#/responses/TaskResponse" }, "401": { - "$ref": "#/responses/ErrorResponse" + "$ref": "#/responses/UnauthResponse" }, "404": { "$ref": "#/responses/ErrorResponse" @@ -716,7 +716,7 @@ "$ref": "#/responses/TaskWatchResponse" }, "401": { - "$ref": "#/responses/ErrorResponse" + "$ref": "#/responses/UnauthResponse" }, "404": { "$ref": "#/responses/ErrorResponse" 
@@ -1223,6 +1223,22 @@ }, "x-go-package": "github.com/intelsdi-x/snap/mgmt/rest/v2" }, + "UnauthError": { + "type": "object", + "title": "UnauthError defines the error type of an unauthorized response.", + "properties": { + "code": { + "type": "integer", + "format": "int64", + "x-go-name": "Code" + }, + "message": { + "type": "string", + "x-go-name": "Message" + } + }, + "x-go-package": "github.com/intelsdi-x/snap/mgmt/rest/v2" + }, "WorkflowMap": { "description": "WorkflowMap represents a map of a desired workflow that is used to create a scheduleWorkflow", "type": "object", @@ -1327,6 +1343,12 @@ } } } + }, + "UnauthResponse": { + "description": "UnauthResponse returns Unauthorized error struct message.", + "schema": { + "$ref": "#/definitions/UnauthError" + } } }, "securityDefinitions": {