Skip to content

Update messages and minor fixes #56

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
klaidliadon wants to merge 4 commits into
base: master
Choose a base branch
from
Open

Update messages and minor fixes #56

klaidliadon wants to merge 4 commits into from
+76 −49

Conversation

@klaidliadon
Copy link
Contributor

@klaidliadon klaidliadon commented Dec 19, 2025
edited
Loading

  • Detect the go version in go.mod and use it in make proto and make generate (go 1.25 introduces some compile errors)
  • Fix Admin JWT scope checking for multiple scopes: instead of strings.Contains, we split the scopes using , and check if the service is in the list
  • Added some tests to check that the session is upgraded only on a scope match
  • Updated error message for rate limit error

@klaidliadon klaidliadon mentioned this pull request Jan 5, 2026
Open
taylanpince
taylanpince reviewed Jan 5, 2026
View reviewed changes
middleware.go
// Reduce to public if scope claim does not match.
sessionType = proto.SessionType_Admin
// Reduce to public if a scope is provided and the claim does not match.
if scopeClaim != "" && !slices.Contains(strings.Split(scopeClaim, ","), cfg.ServiceName) {
Copy link

@taylanpince taylanpince Jan 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wonder if reducing to public is more confusing here than not. If I make a request with the wrong scope, I would rather get an error, instead of silently getting reduced to public scope.

Copy link
Contributor

@VojtechVitek VojtechVitek Jan 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree.

If Admin JWT is scoped to indexer service only -- but is used to make request to other service -- I'd expect the request to fail with HTTP 403 and a clear error message.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@taylanpince taylanpince taylanpince left review comments

@VojtechVitek VojtechVitek Awaiting requested review from VojtechVitek

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@klaidliadon @taylanpince @VojtechVitek