Docker/portainer
Docker/portainer
1
0
Fork 0
mirror of https://github.com/portainer/portainer.git synced 2025-07-31 03:09:44 +02:00
Code Issues Releases Activity

fix(api/docker): no authorized user can call restricted api [EE-6808] (#11478)
Some checks failed
ci / build_images (map[arch:amd64 platform:linux version:]) (push) Has been cancelled
ci / build_images (map[arch:amd64 platform:windows version:1809]) (push) Has been cancelled
ci / build_images (map[arch:amd64 platform:windows version:ltsc2022]) (push) Has been cancelled
ci / build_images (map[arch:arm platform:linux version:]) (push) Has been cancelled
ci / build_images (map[arch:arm64 platform:linux version:]) (push) Has been cancelled
ci / build_images (map[arch:ppc64le platform:linux version:]) (push) Has been cancelled
ci / build_images (map[arch:s390x platform:linux version:]) (push) Has been cancelled
/ triage (push) Has been cancelled
Lint / Run linters (push) Has been cancelled
Test / test-client (push) Has been cancelled
Test / test-server (map[arch:amd64 platform:linux]) (push) Has been cancelled
Test / test-server (map[arch:amd64 platform:windows version:1809]) (push) Has been cancelled
Test / test-server (map[arch:amd64 platform:windows version:ltsc2022]) (push) Has been cancelled
Test / test-server (map[arch:arm64 platform:linux]) (push) Has been cancelled
ci / build_manifests (push) Has been cancelled

Browse source
This commit is contained in:
Oscar Zhou 2024-05-22 09:08:51 +12:00 committed by GitHub
parent 6e0dd34cc8
commit ccb6dd7f1a
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 24 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

20
api/http/middlewares/endpoint.go
View file

@ -7,6 +7,7 @@ import (
portainer "github.com/portainer/portainer/api"
"github.com/portainer/portainer/api/dataservices"
"github.com/portainer/portainer/api/http/security"
httperror "github.com/portainer/portainer/pkg/libhttp/error"
requesthelpers "github.com/portainer/portainer/pkg/libhttp/request"
@ -63,3 +64,22 @@ func FetchEndpoint(request *http.Request) (*portainer.Endpoint, error) {
return contextData.(*portainer.Endpoint), nil
}
func CheckEndpointAuthorization(bouncer security.BouncerService) mux.MiddlewareFunc {
return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
endpoint, err := FetchEndpoint(r)
if err != nil {
httperror.WriteError(w, http.StatusNotFound, "Unable to find an environment on request context", err)
return
}
if err = bouncer.AuthorizedEndpointOperation(r, endpoint); err != nil {
httperror.WriteError(w, http.StatusForbidden, "Permission denied to access environment", err)
return
}
next.ServeHTTP(w, r)
})
}
}