From 81b9d4abf4872201acdf9e844655796aa8fed902 Mon Sep 17 00:00:00 2001 From: Marc Guasch Date: Thu, 30 Sep 2021 15:43:39 +0200 Subject: [PATCH] Ensure basic auth and body are only tested if explicitly set (#28) * Ensure basic auth and body are only tested if explicitly set * Update CHANGELOG.md --- CHANGELOG.md | 9 +++++++++ pkg/httpserver/httpserver.go | 11 ++++++++++- 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 878782a..2a2f5b1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,15 @@ This project adheres to [Semantic Versioning](http://semver.org/). ## [Unreleased] +### Added + +- Added file template helper function. [#25](https://github.com/elastic/stream/pull/25) +- Added regular expression-based body matching [#26](https://github.com/elastic/stream/pull/26) + +### Fixed + +- Ensure basic auth and body are only tested if explicitly set. [#28](https://github.com/elastic/stream/pull/28) + ## [0.5.0] - Added option to set up custom buffer size for the log reader. [#22](https://github.com/elastic/stream/pull/22) diff --git a/pkg/httpserver/httpserver.go b/pkg/httpserver/httpserver.go index 62ce4ac..e4b071d 100644 --- a/pkg/httpserver/httpserver.go +++ b/pkg/httpserver/httpserver.go @@ -174,7 +174,13 @@ func newHandlerFromConfig(config *config, logger *zap.SugaredLogger) (http.Handl route.MatcherFunc(func(r *http.Request, rm *mux.RouteMatch) bool { user, password, _ := r.BasicAuth() - return rule.User == user && rule.Password == password + if rule.User != "" && user != rule.User { + return false + } + if rule.Password != "" && password != rule.Password { + return false + } + return true }) var bodyRE *regexp.Regexp @@ -187,6 +193,9 @@ func newHandlerFromConfig(config *config, logger *zap.SugaredLogger) (http.Handl } } route.MatcherFunc(func(r *http.Request, rm *mux.RouteMatch) bool { + if rule.RequestBody == "" { + return true + } body, err := ioutil.ReadAll(r.Body) if err != nil { return false