Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

241015 main from release ( v3.2.1 ) #545

Merged
merged 830 commits into from
Oct 15, 2024
Merged

241015 main from release ( v3.2.1 ) #545

merged 830 commits into from
Oct 15, 2024

Conversation

ktkfree
Copy link
Contributor

@ktkfree ktkfree commented Oct 15, 2024

241015 main from release ( v3.2.1 )

ktkfree and others added 30 commits April 25, 2024 11:29
@ktkfree
Merge pull request #427 from sangkenlee/tks-policy-guard
853b6dd 
tks 요청이 정책에 차단되지 않도록 템플릿 생성 시 가드 추가
@ktkfree
Merge pull request #428 from openinfradev/fix_snr
a4fc290 
feature. add api to audit
@cho4036
bugfix. fix permission ordering error
fac8202
@ktkfree
feature. change audit scheme and remove database constraint
92bc8bd
@ktkfree
Merge pull request #429 from cho4036/user
90ea598 
[RE] bugfix. fix permission ordering error
@ktkfree
Merge pull request #431 from openinfradev/audit_fix
32d8bef 
feature. change audit scheme and remove database constraint
@ktkfree
trivial. fix typo
0dc9934
@ktkfree
Merge pull request #432 from openinfradev/audit_fix
5ef6b96 
trivial. fix typo
@ktkfree
trivial. add organization name to audits
e4b0bdb
@ktkfree
Merge pull request #433 from openinfradev/fix_audits
53c4ff8 
trivial. add organization name to audits
@ktkfree
trivial. add favorite field to stack response
655df01
@ktkfree
Merge pull request #434 from openinfradev/fix_favorite
b23c457 
trivial. add favorite field to stack response
@ktkfree
trivial. add appserveapps count to stack response
0152704
@ktkfree
Merge pull request #435 from openinfradev/fix_favorite
990049b 
trivial. add appserveapps count to stack response
@seungkyua
Add more info when retrieve projects
318f93d
@seungkyua
Add more info when retrieve projects\n swagger generatte
5b08f01
@robertchoi80
app-serving: make GetLatestTask API work
b0234d0
@robertchoi80
bugfix: pass value to serializer
c9d17c8
@ktkfree
Merge pull request #436 from seungkyua/20240425_change_projects_function
eb973fe 
20240425 change projects function
@sangkenlee
파라미터 추출 개선, 글로벌 변수 할당 처리
ca51a45
@ktkfree
feature. personalization systemNotifications
e4b33a8
@ktkfree
Merge pull request #438 from openinfradev/snr_enhanced
1d20a35 
feature. personalization systemNotifications
@ktkfree
Merge pull request #437 from sangkenlee/param-extract-global-vars
3028867 
파라미터 추출 개선, 글로벌 변수 할당 처리
@ktkfree
feature. change email html
3ebeed2
@ktkfree
Merge pull request #439 from openinfradev/html_change
cec7a4a 
feature. change email html
@robertchoi80
refactor app-serving APIs
0b70cd8 
including deprecation of legacy one
@robertchoi80
trivial: adjust indent with gofmt
27fca66
@ktkfree
trivial. update html temporary_password
3258d32
@ktkfree
Merge pull request #440 from openinfradev/html_change
d535874 
trivial. update html temporary_password
@ktkfree
trivial. add default systemNotificationTemplate when organization cre…
6b2e6ee 
…ated
ktkfree and others added 28 commits July 11, 2024 13:46
@ktkfree
Merge pull request #531 from openinfradev/domains
747c792 
trivial. minor fixes
@ktkfree
trivial. fix parameters for creating lma
e3c37c5
@ktkfree
feature. add domain to clusterDomains
2d255a5
@ktkfree
Merge pull request #532 from openinfradev/domains
18e2e42 
trivial. fix parameters for creating lma
@ktkfree
trivial. fix minor bug
c5b9d4b
@ktkfree
Merge pull request #533 from openinfradev/domains
6a05ec4 
trivial. fix minor bug
@ktkfree
feature. add import api to stacks resource
9cfd907
@cho4036
Merge pull request #534 from openinfradev/byok
1679c30 
feature. add import api to stacks resource
@ktkfree
feature. add import api to stacks resource
a48427c
@ktkfree
Merge branch 'develop' into byok
eacd1fd
@ktkfree
Merge pull request #535 from openinfradev/byok
2ca311d 
feature. add import api to stacks resource
@ktkfree
trivial. change type to string from []byte for kubeconfig
0e39cdf
@ktkfree
Merge pull request #536 from openinfradev/byok1
d08395d 
trivial. change type to string from []byte for kubeconfig
@ktkfree
trivial. change type to string from []byte for kubeconfig
c72fee6
@ktkfree
Merge pull request #537 from openinfradev/byok1
8e0a648 
trivial. change type to string from []byte for kubeconfig
@ktkfree
feature. add GetCloudServices to stack-template API
54c0aca
@ktkfree
Merge pull request #538 from openinfradev/byok1
e01210e 
feature. add GetCloudServices to stack-template API
@ktkfree
feature. add pprof for profiling
198c35e
@cho4036
Merge pull request #539 from openinfradev/byok2
70b7c8e 
feature. add pprof for profiling
@ktkfree
trivial. remove omitempty for getStack response
1f4e342
@ktkfree
Merge pull request #540 from openinfradev/byok2
c6aef44 
trivial. remove omitempty for getStack response
@ktkfree
trivial. change deliminator for domains
8d06514
@ktkfree
Merge pull request #541 from openinfradev/domain
ff8c88d 
trivial. change deliminator for domains
@ktkfree
trivial. change deliminator for domains
c395381
@ktkfree
Merge pull request #542 from openinfradev/domain
1b3c599 
trivial. change deliminator for domains
@ktkfree
trivial. fix lint error
94bf5e2
@ktkfree
Merge pull request #544 from openinfradev/minor_fix
ed1af0f 
trivial. fix lint error
@ktkfree
Merge pull request #543 from openinfradev/develop
10ad5bf 
20241002 release from develop
github-advanced-security[bot]
github-advanced-security bot found potential problems Oct 15, 2024
View reviewed changes
internal/helper/jwt.go
@@ -37,3 +38,18 @@
}
return token, err
}

func StringToTokenWithoutVerification(tokenString string) (*jwt.Token, error) {
token, _, err := new(jwt.Parser).ParseUnverified(tokenString, jwt.MapClaims{})

Check failure

Code scanning / CodeQL

Missing JWT signature check High

This JWT is parsed without verification and received from
this user-controlled source
Loading
.
This JWT is parsed without verification and received from
this user-controlled source
Loading
.

Copilot Autofix AI about 1 month ago

To fix the problem, we need to ensure that the JWT is always parsed with signature verification. This involves replacing the StringToTokenWithoutVerification function with a function that verifies the token's signature using a predefined signing key. We will use the jwt.Parse method with a key function to achieve this.

  1. Replace the StringToTokenWithoutVerification function in internal/helper/jwt.go with a new function that verifies the token's signature.
  2. Update the AuthenticateToken method in internal/middleware/auth/authenticator/keycloak/keycloak.go to use the new function.
Suggested changeset 2
internal/helper/jwt.go

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/internal/helper/jwt.go b/internal/helper/jwt.go
--- a/internal/helper/jwt.go
+++ b/internal/helper/jwt.go
@@ -41,6 +41,9 @@
 
-func StringToTokenWithoutVerification(tokenString string) (*jwt.Token, error) {
-	token, _, err := new(jwt.Parser).ParseUnverified(tokenString, jwt.MapClaims{})
+func VerifyTokenWithClaims(tokenString string) (*jwt.Token, error) {
+	signingKey := []byte(viper.GetString("jwt-secret"))
+	token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
+		return signingKey, nil
+	})
 	if err != nil {
-		return nil, fmt.Errorf("invalid token")
+		return nil, fmt.Errorf("invalid token: %v", err)
 	}
EOF
@@ -41,6 +41,9 @@

func StringToTokenWithoutVerification(tokenString string) (*jwt.Token, error) {
token, _, err := new(jwt.Parser).ParseUnverified(tokenString, jwt.MapClaims{})
func VerifyTokenWithClaims(tokenString string) (*jwt.Token, error) {
signingKey := []byte(viper.GetString("jwt-secret"))
token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
return signingKey, nil
})
if err != nil {
return nil, fmt.Errorf("invalid token")
return nil, fmt.Errorf("invalid token: %v", err)
}
internal/middleware/auth/authenticator/keycloak/keycloak.go
Outside changed files

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/internal/middleware/auth/authenticator/keycloak/keycloak.go b/internal/middleware/auth/authenticator/keycloak/keycloak.go
--- a/internal/middleware/auth/authenticator/keycloak/keycloak.go
+++ b/internal/middleware/auth/authenticator/keycloak/keycloak.go
@@ -51,3 +51,3 @@
 func (a *keycloakAuthenticator) AuthenticateToken(r *http.Request, token string) (*authenticator.Response, bool, error) {
-	parsedToken, err := helper.StringToTokenWithoutVerification(token)
+	parsedToken, err := helper.VerifyTokenWithClaims(token)
 	if err != nil {
EOF
@@ -51,3 +51,3 @@
func (a *keycloakAuthenticator) AuthenticateToken(r *http.Request, token string) (*authenticator.Response, bool, error) {
parsedToken, err := helper.StringToTokenWithoutVerification(token)
parsedToken, err := helper.VerifyTokenWithClaims(token)
if err != nil {
Copilot is powered by AI and may make mistakes. Always verify output.
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options
@ktkfree ktkfree merged commit b4925d5 into main Oct 15, 2024
7 of 9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@ktkfree @cho4036 @seungkyua @robertchoi80 @sangkenlee @sangkeon @Siyeop