这是indexloc提供的服务,不要输入任何密码
Skip to content

remove x-hasura-access-key header from logs (fix #1016) #1017

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 4 commits into from
Nov 13, 2018
Merged

remove x-hasura-access-key header from logs (fix #1016) #1017

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
81a486d
remove x-hasura-access-key header from logs, fix #1016
rakeshkky Nov 12, 2018
8f86636
remove deleting the access-key header logic in jwt
0x777 Nov 13, 2018
b901693
Merge branch 'master' into issue-1016-access-key-log
0x777 Nov 13, 2018
668ae96
fix the compilation issues introduced with prev commit
0x777 Nov 13, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 4 additions & 5 deletions server/src-lib/Hasura/RQL/Types/Permission.hs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@ module Hasura.RQL.Types.Permission
) where

import Hasura.Prelude
import Hasura.Server.Utils (accessKeyHeader, userRoleHeader)
import Hasura.SQL.Types

import qualified Database.PG.Query as Q
Expand Down Expand Up @@ -68,7 +69,7 @@ isUserVar = T.isPrefixOf "x-hasura-" . T.toLower

roleFromVars :: UserVars -> Maybe RoleName
roleFromVars =
fmap RoleName . getVarVal userRoleVar
fmap RoleName . getVarVal userRoleHeader

getVarVal :: Text -> UserVars -> Maybe Text
getVarVal k =
Expand All @@ -85,9 +86,6 @@ mkUserVars l =
| (k, v) <- l, isUserVar k
]

userRoleVar :: Text
userRoleVar = "x-hasura-role"

data UserInfo
= UserInfo
{ userRole :: !RoleName
Expand All @@ -96,7 +94,8 @@ data UserInfo

mkUserInfo :: RoleName -> UserVars -> UserInfo
mkUserInfo rn (UserVars v) =
UserInfo rn $ UserVars $ Map.insert userRoleVar (getRoleTxt rn) v
UserInfo rn $ UserVars $ Map.insert userRoleHeader (getRoleTxt rn) $
Map.delete accessKeyHeader v

instance Hashable UserInfo

Expand Down
5 changes: 1 addition & 4 deletions server/src-lib/Hasura/Server/Auth/JWT.hs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -218,10 +218,7 @@ processAuthZHeader jwtCtx headers authzHeader = do
-- transform the map of text:aeson-value -> text:text
metadata <- decodeJSON $ A.Object finalClaims

-- delete the x-hasura-access-key from this map, and insert x-hasura-role
let hasuraMd = Map.delete accessKeyHeader metadata

return $ mkUserInfo role $ mkUserVars $ Map.toList hasuraMd
return $ mkUserInfo role $ mkUserVars $ Map.toList metadata

where
parseAuthzHeader = do
Expand Down