Authorization is giving permission to a user to do an action on the server. As developers, we must ensure that users are only allowed to do what they are authorized.
One way to ensure that authorization has happened is to loudly flag when it hasn’t. This is how we do it at Fleet Device Management.
In our code base, we use the go-kit library. Most of the general endpoints are created in the handler.go file. For example:
// user-authenticated endpoints
ue := newUserAuthenticatedEndpointer(svc, opts, r, apiVersions...)
ue.POST("/api/_version_/fleet/trigger", triggerEndpoint, triggerRequest{})
Every endpoint calls kithttp.NewServer and wraps the endpoint with our AuthzCheck. From handler.go:
e = authzcheck.NewMiddleware().AuthzCheck()(e)
return kithttp.NewServer(e, decodeFn, encodeResponse, opts...)
This means that after the business logic is processed, the AuthzCheck is called. This check ensures that authorization was checked. Otherwise, an error is returned. From authzcheck.go:
// If authorization was not checked, return a response that will
// marshal to a generic error and log that the check was missed.
if !authzctx.Checked() {
// Getting to here means there is an authorization-related bug in our code.
return nil, authz.CheckMissingWithResponse(response)
}
This additional check is useful during our development and QA process, to ensure that authorization always happens in our business logic.
Further reading
Recently, we improved our app’s security by reading program arguments from STDIN.
Watch how we catch missed authorization checks
Note: If you want to comment on this article, please do so on the YouTube video.
This article originally appeared in Fleet’s blog.