From d028bc100a236e0c8373bd2d8245256908ecc4bf Mon Sep 17 00:00:00 2001 From: Marc Guasch Date: Mon, 27 Sep 2021 15:22:08 +0200 Subject: [PATCH 1/2] Ensure basic auth and body are only tested if explicitly set --- CHANGELOG.md | 8 ++++++++ pkg/httpserver/httpserver.go | 11 ++++++++++- 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 878782a..602e5df 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,14 @@ This project adheres to [Semantic Versioning](http://semver.org/). ## [Unreleased] +### Added + +- Added file template helper function. [#25](https://github.com/elastic/stream/pull/25) + +### Fixed + +- Ensure basic auth and body are only tested if explicitly set. [#28](https://github.com/elastic/stream/pull/28) + ## [0.5.0] - Added option to set up custom buffer size for the log reader. [#22](https://github.com/elastic/stream/pull/22) diff --git a/pkg/httpserver/httpserver.go b/pkg/httpserver/httpserver.go index fd99b87..646e03c 100644 --- a/pkg/httpserver/httpserver.go +++ b/pkg/httpserver/httpserver.go @@ -173,10 +173,19 @@ func newHandlerFromConfig(config *config, logger *zap.SugaredLogger) (http.Handl route.MatcherFunc(func(r *http.Request, rm *mux.RouteMatch) bool { user, password, _ := r.BasicAuth() - return rule.User == user && rule.Password == password + if rule.User != "" && user != rule.User { + return false + } + if rule.Password != "" && password != rule.Password { + return false + } + return true }) route.MatcherFunc(func(r *http.Request, rm *mux.RouteMatch) bool { + if rule.RequestBody == "" { + return true + } body, err := ioutil.ReadAll(r.Body) if err != nil { return false From 66bc67184150f1e3578ac099dba526cf95451cf6 Mon Sep 17 00:00:00 2001 From: Marc Guasch Date: Thu, 30 Sep 2021 15:37:57 +0200 Subject: [PATCH 2/2] Update CHANGELOG.md --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 602e5df..2a2f5b1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,7 @@ This project adheres to [Semantic Versioning](http://semver.org/). ### Added - Added file template helper function. [#25](https://github.com/elastic/stream/pull/25) +- Added regular expression-based body matching [#26](https://github.com/elastic/stream/pull/26) ### Fixed