Avoid making Temporal API calls if unauthenticated (#105)

feedmeapples · web-flow · commit fc5178eaa165 · 2022-02-28T10:22:06.000-08:00
diff --git a/server/routes/api.go b/server/routes/api.go
@@ -50,6 +50,11 @@ func SetAPIRoutes(e *echo.Echo, cfgProvider *config.ConfigProviderWithRefresh) e
 
 func temporalAPIHandler(cfgProvider *config.ConfigProviderWithRefresh) echo.HandlerFunc {
 	return func(c echo.Context) error {
+		err := validateAuth(c, cfgProvider)
+		if err != nil {
+			return err
+		}
+
 		cfg, err := cfgProvider.GetConfig()
 		if err != nil {
 			return c.JSON(http.StatusInternalServerError, err)
@@ -165,3 +170,27 @@ func withAuth(c echo.Context) runtime.ServeMuxOption {
 		},
 	)
 }
+
+func validateAuth(c echo.Context, cfgProvider *config.ConfigProviderWithRefresh) error {
+	cfg, err := cfgProvider.GetConfig()
+	if err != nil {
+		return err
+	}
+
+	isEnabled := cfg.Auth.Enabled
+	if !isEnabled {
+		return nil
+	}
+
+	sess, _ := session.Get("auth", c)
+	if sess == nil {
+		return echo.NewHTTPError(http.StatusUnauthorized, "unauthorized")
+	}
+
+	token := sess.Values["access-token"]
+	if token == nil {
+		return echo.NewHTTPError(http.StatusUnauthorized, "unauthorized")
+	}
+
+	return nil
+}
diff --git a/server/server.go b/server/server.go
@@ -45,6 +45,7 @@ var uiHTML []byte
 // https://github.com/sveltejs/kit/pull/1370#issuecomment-853306453
 //go:embed generated/ui/*
 //go:embed generated/ui/_app/assets/pages/*
+//go:embed generated/ui/_app/assets/_*
 //go:embed generated/ui/_app/chunks/*
 //go:embed generated/ui/_app/pages/*
 //go:embed generated/ui/_app/assets/pages/namespaces/\[namespace\]/workflows/\[workflow\]/\[run\]/history/compact/activity-\[eventId\]/*
