fix: 文件接口公开路由与代码权限要求矛盾
GET /api/v1/files 在 envoy 里被设为公开路由但 getFileLogic 要求 user_id,去掉 jwt_authn 和 ext_authz 的公开豁免。
This commit is contained in:
zetaloop
@@ -216,19 +216,6 @@ static_resources:
|
|||||||
"@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthzPerRoute
|
"@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthzPerRoute
|
||||||
disabled: true
|
disabled: true
|
||||||
|
|
||||||
- match:
|
|
||||||
path: /api/v1/files
|
|
||||||
headers:
|
|
||||||
- name: ":method"
|
|
||||||
exact_match: GET
|
|
||||||
route:
|
|
||||||
cluster: objectstory_api_cluster
|
|
||||||
timeout: 30s
|
|
||||||
typed_per_filter_config:
|
|
||||||
envoy.filters.http.ext_authz:
|
|
||||||
"@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthzPerRoute
|
|
||||||
disabled: true
|
|
||||||
|
|
||||||
- match:
|
- match:
|
||||||
prefix: /api/v1/auth
|
prefix: /api/v1/auth
|
||||||
route:
|
route:
|
||||||
@@ -534,11 +521,6 @@ static_resources:
|
|||||||
headers:
|
headers:
|
||||||
- name: ":method"
|
- name: ":method"
|
||||||
exact_match: GET
|
exact_match: GET
|
||||||
- match:
|
|
||||||
path: /api/v1/files
|
|
||||||
headers:
|
|
||||||
- name: ":method"
|
|
||||||
exact_match: GET
|
|
||||||
- match:
|
- match:
|
||||||
prefix: /api/v1
|
prefix: /api/v1
|
||||||
requires:
|
requires:
|
||||||
|
|||||||
Reference in New Issue
Block a user