milvus-io
/
milvus
mirror of https://github.com/milvus-io/milvus.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Hide the password info when failing to authorize (#28428) 

/kind improvement

Signed-off-by: SimFG <bang.fu@zilliz.com>
pull/28445/merge
SimFG 2023-11-15 14:40:26 +08:00 committed by GitHub
parent 836f300536
commit 899a5a32cd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
internal/proxy/authentication_interceptor.go
View File

@ -62,7 +62,7 @@ func AuthenticationInterceptor(ctx context.Context) (context.Context, error) {
if len(authStrArr) < 1 {
log.Warn("key not found in header")
return nil, merr.WrapErrParameterInvalidMsg("missing authorization in header")
return nil, status.Error(codes.Unauthenticated, "missing authorization in header")
}
// token format: base64<username:password>
@ -71,14 +71,14 @@ func AuthenticationInterceptor(ctx context.Context) (context.Context, error) {
rawToken, err := crypto.Base64Decode(token)
if err != nil {
log.Warn("fail to decode the token", zap.Error(err))
return nil, merr.WrapErrParameterInvalidMsg("invalid token format")
return nil, status.Error(codes.Unauthenticated, "invalid token format")
}
if !strings.Contains(rawToken, util.CredentialSeperator) {
user, err := VerifyAPIKey(rawToken)
if err != nil {
log.Warn("fail to verify apikey", zap.Error(err))
return nil, err
return nil, status.Error(codes.Unauthenticated, "auth check failure, please check api key is correct")
}
metrics.UserRPCCounter.WithLabelValues(user).Inc()
userToken := fmt.Sprintf("%s%s%s", user, util.CredentialSeperator, "___")
@ -88,8 +88,9 @@ func AuthenticationInterceptor(ctx context.Context) (context.Context, error) {
// username+password authentication
username, password := parseMD(rawToken)
if !passwordVerify(ctx, username, password, globalMetaCache) {
log.Warn("fail to verify password", zap.String("username", username))
// NOTE: don't use the merr, because it will cause the wrong retry behavior in the sdk
return nil, status.Errorf(codes.Unauthenticated, "auth check failure, please check username [%s] and password [%s] are correct", username, password)
return nil, status.Error(codes.Unauthenticated, "auth check failure, please check username and password are correct")
}
metrics.UserRPCCounter.WithLabelValues(username).Inc()
}