Revert changes and improve middleware declarations

Author: MariemBaccari

cmds/core-service/main.go

@@ -315,12 +315,10 @@ func RunHTTPServer(ctx context.Context, ctxCanceler func(), address, locality st
 		multiRouter.Routers = append(multiRouter.Routers, &scdV1Router)
 	}
 
-	handler := logging.HTTPMiddleware(logger, *dumpRequests,
-		healthyEndpointMiddleware(logger,
-			&multiRouter,
-		))
-
-	handler = authDecoderMiddleware(authorizer, handler)
+	// the middlewares are wrapped and, therefore, executed in the opposite order
+	handler := healthyEndpointMiddleware(logger, &multiRouter)
+	handler = logging.HTTPMiddleware(logger, *dumpRequests, handler)
+	handler = authMiddleware(authorizer, handler)
 
 	httpServer := &http.Server{
 		Addr:              address,
@@ -382,8 +380,8 @@ func healthyEndpointMiddleware(logger *zap.Logger, next http.Handler) http.Handl
 	})
 }
 
-// authDecoderMiddleware decodes the authentication token and adds the Subject claim to the context.
-func authDecoderMiddleware(authorizer *auth.Authorizer, handler http.Handler) http.Handler {
+// authMiddleware decodes the authentication token and passes the claims to the context.
+func authMiddleware(authorizer *auth.Authorizer, handler http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		var ctx context.Context
 		claims, err := authorizer.ExtractClaims(r)
@@ -400,13 +398,13 @@ func authDecoderMiddleware(authorizer *auth.Authorizer, handler http.Handler) ht
 
 		var errMsg string
 		if err != nil {
+			//remove the stacktrace using the formatting specifier "%#s"
 			errMsg = fmt.Sprintf("%#s", err)
 		}
 
 		ctx = context.WithValue(ctx, logging.CtxAuthKey{}, logging.CtxAuthValue{
 			Subject: claims.Subject,
-			//remove the stacktrace using the formatting specifier "%#s"
-			ErrMsg: errMsg,
+			ErrMsg:  errMsg,
 		})
 
 		handler.ServeHTTP(w, r.WithContext(ctx))

pkg/auth/auth.go

@@ -191,20 +191,20 @@ type CtxAuthValue struct {
 
 // Authorize extracts and verifies bearer tokens from a http.Request.
 func (a *Authorizer) Authorize(_ http.ResponseWriter, r *http.Request, authOptions []api.AuthorizationOption) api.AuthorizationResult {
-	v := r.Context().Value(CtxAuthKey{}).(CtxAuthValue)
-	if v.Error != nil {
-		return api.AuthorizationResult{Error: stacktrace.PropagateWithCode(v.Error, dsserr.Unauthenticated, "Invalid access token")}
+	authResults := r.Context().Value(CtxAuthKey{}).(CtxAuthValue)
+	if authResults.Error != nil {
+		return api.AuthorizationResult{Error: stacktrace.PropagateWithCode(authResults.Error, dsserr.Unauthenticated, "Invalid access token")}
 	}
 
-	if pass, missing := validateScopes(authOptions, v.Claims.Scopes); !pass {
+	if pass, missing := validateScopes(authOptions, authResults.Claims.Scopes); !pass {
 		return api.AuthorizationResult{Error: stacktrace.NewErrorWithCode(dsserr.PermissionDenied,
 			"Access token missing scopes (%v) while expecting %v and got %v",
-			missing, describeAuthorizationExpectations(authOptions), strings.Join(v.Claims.Scopes.ToStringSlice(), ", "))}
+			missing, describeAuthorizationExpectations(authOptions), strings.Join(authResults.Claims.Scopes.ToStringSlice(), ", "))}
 	}
 
 	return api.AuthorizationResult{
-		ClientID: &v.Claims.Subject,
-		Scopes:   v.Claims.Scopes.ToStringSlice(),
+		ClientID: &authResults.Claims.Subject,
+		Scopes:   authResults.Claims.Scopes.ToStringSlice(),
 	}
 }
 

pkg/logging/http.go

@@ -75,11 +75,11 @@ func HTTPMiddleware(logger *zap.Logger, dump bool, handler http.Handler) http.Ha
 			}
 		}
 
-		v := r.Context().Value(CtxAuthKey{}).(CtxAuthValue)
-		if v.ErrMsg != "" {
-			logger = logger.With(zap.String("resp_sub_err", v.ErrMsg))
+		authResults := r.Context().Value(CtxAuthKey{}).(CtxAuthValue)
+		if authResults.ErrMsg != "" {
+			logger = logger.With(zap.String("resp_sub_err", authResults.ErrMsg))
 		} else {
-			logger = logger.With(zap.String("req_sub", v.Subject))
+			logger = logger.With(zap.String("req_sub", authResults.Subject))
 		}
 
 		handler.ServeHTTP(trw, r)