fix(api): do not load user infos, just check the session (#3442)

Signed-off-by: Benjamin Coenen <[email protected]>
ovh · Oct 11, 2018 · a33db19 · a33db19
1 parent 13a2388
commit a33db19
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 12 deletions.
diff --git a/engine/api/api_routes.go b/engine/api/api_routes.go
@@ -377,7 +377,7 @@ func (api *API) InitRouter() {
 
 	// Users
 	r.Handle("/user", r.GET(api.getUsersHandler))
-	r.Handle("/user/me", r.GET(api.getUserMeHandler))
+	r.Handle("/user/logged", r.GET(api.getUserLoggedHandler, Auth(false)))
 	r.Handle("/user/favorite", r.POST(api.postUserFavoriteHandler))
 	r.Handle("/user/timeline", r.GET(api.getTimelineHandler))
 	r.Handle("/user/timeline/filter", r.GET(api.getTimelineFilterHandler), r.POST(api.postTimelineFilterHandler))

diff --git a/engine/api/user.go b/engine/api/user.go
@@ -3,7 +3,6 @@ package api
 import (
 	"context"
 	"database/sql"
-	"fmt"
 	"net/http"
 	"time"
 
@@ -159,16 +158,21 @@ func (api *API) getUsersHandler() service.Handler {
 	}
 }
 
-// getUserMeHandler fetches current user data
-func (api *API) getUserMeHandler() service.Handler {
+// getUserLoggedHandler check if the current user is connected
+func (api *API) getUserLoggedHandler() service.Handler {
 	return func(ctx context.Context, w http.ResponseWriter, r *http.Request) error {
-		u := getUser(ctx)
-		if u == nil {
-			return fmt.Errorf("getUserMeHandler> user is nil")
+		h := r.Header.Get(sdk.SessionTokenHeader)
+		if h == "" {
+			return sdk.ErrUnauthorized
+		}
+
+		store := api.Router.AuthDriver.Store()
+		key := sessionstore.SessionKey(h)
+		if ok, _ := store.Exists(key); !ok {
+			return sdk.ErrUnauthorized
 		}
-		u.Groups = nil
-		u.Permissions = sdk.UserPermissions{}
-		return service.WriteJSON(w, *u, http.StatusOK)
+
+		return service.WriteJSON(w, nil, http.StatusOK)
 	}
 }
 

diff --git a/engine/service/http.go b/engine/service/http.go
@@ -106,7 +106,7 @@ func WriteError(w http.ResponseWriter, r *http.Request, err error) {
 	// ErrAlreadyTaken and ErrWorkerModelAlreadyBooked are not useful to log in warning
 	if sdk.ErrorIs(httpErr, sdk.ErrAlreadyTaken) ||
 		sdk.ErrorIs(httpErr, sdk.ErrWorkerModelAlreadyBooked) ||
-		sdk.ErrorIs(httpErr, sdk.ErrJobAlreadyBooked) || r.URL.Path == "/user/me" {
+		sdk.ErrorIs(httpErr, sdk.ErrJobAlreadyBooked) || r.URL.Path == "/user/logged" {
 		entry.Debugf("%s", err)
 	} else {
 		entry.Warningf("%s", err)

diff --git a/ui/src/app/app.component.ts b/ui/src/app/app.component.ts
@@ -157,7 +157,7 @@ export class AppComponent  implements OnInit {
             urlSubscribe: environment.apiURL + '/events/subscribe',
             urlUnsubscribe: environment.apiURL + 'events/unsubscribe',
             sseURL: environment.apiURL + '/events',
-            pingURL: environment.apiURL + '/user/me'
+            pingURL: environment.apiURL + '/user/logged'
         });
         this.sseWorker.response().subscribe(e => {
             if (e == null) {