refactor(handler): adminOnly helper for /.profile admin gates
Five identical 'if !zddc.IsAdmin { 404 }' guards on /whoami /config
/logs /effective-policy /reindex collapse to a single adminOnly
closure inside ServeProfile. Behavior unchanged — same 404-leakage
property, same elevation-gated authority — just one site to audit
instead of five.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
parent
a85b25ce08
commit
ded9ff7883
1 changed files with 30 additions and 25 deletions
|
|
@ -49,6 +49,21 @@ func ServeProfile(cfg config.Config, ring *LogRing, idx *archive.Index, w http.R
|
||||||
|
|
||||||
email := EmailFromContext(r)
|
email := EmailFromContext(r)
|
||||||
|
|
||||||
|
// adminOnly wraps an admin-gated sub-handler. Routes that need root-
|
||||||
|
// admin authority (sudo-style, elevation-gated) deny with 404 (not
|
||||||
|
// 403) so a non-admin probing the namespace can't enumerate which
|
||||||
|
// admin-only resources exist. Single helper instead of five copy-
|
||||||
|
// pasted gates.
|
||||||
|
adminOnly := func(fn http.HandlerFunc) http.HandlerFunc {
|
||||||
|
return func(w http.ResponseWriter, r *http.Request) {
|
||||||
|
if !zddc.IsAdmin(cfg.Root, PrincipalFromContext(r)) {
|
||||||
|
http.NotFound(w, r)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
fn(w, r)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
switch sub {
|
switch sub {
|
||||||
case "/", "":
|
case "/", "":
|
||||||
serveProfilePage(cfg, w, r)
|
serveProfilePage(cfg, w, r)
|
||||||
|
|
@ -57,35 +72,25 @@ func ServeProfile(cfg config.Config, ring *LogRing, idx *archive.Index, w http.R
|
||||||
case "/projects":
|
case "/projects":
|
||||||
serveProfileProjectsCreate(cfg, w, r)
|
serveProfileProjectsCreate(cfg, w, r)
|
||||||
case "/whoami":
|
case "/whoami":
|
||||||
if !zddc.IsAdmin(cfg.Root, PrincipalFromContext(r)) {
|
adminOnly(func(w http.ResponseWriter, r *http.Request) {
|
||||||
http.NotFound(w, r)
|
serveProfileWhoami(cfg, email, w, r)
|
||||||
return
|
})(w, r)
|
||||||
}
|
|
||||||
serveProfileWhoami(cfg, email, w, r)
|
|
||||||
case "/config":
|
case "/config":
|
||||||
if !zddc.IsAdmin(cfg.Root, PrincipalFromContext(r)) {
|
adminOnly(func(w http.ResponseWriter, r *http.Request) {
|
||||||
http.NotFound(w, r)
|
serveProfileConfig(cfg, w, r)
|
||||||
return
|
})(w, r)
|
||||||
}
|
|
||||||
serveProfileConfig(cfg, w, r)
|
|
||||||
case "/logs":
|
case "/logs":
|
||||||
if !zddc.IsAdmin(cfg.Root, PrincipalFromContext(r)) {
|
adminOnly(func(w http.ResponseWriter, r *http.Request) {
|
||||||
http.NotFound(w, r)
|
serveProfileLogs(ring, w, r)
|
||||||
return
|
})(w, r)
|
||||||
}
|
|
||||||
serveProfileLogs(ring, w, r)
|
|
||||||
case "/effective-policy":
|
case "/effective-policy":
|
||||||
if !zddc.IsAdmin(cfg.Root, PrincipalFromContext(r)) {
|
adminOnly(func(w http.ResponseWriter, r *http.Request) {
|
||||||
http.NotFound(w, r)
|
serveProfileEffectivePolicy(cfg, w, r)
|
||||||
return
|
})(w, r)
|
||||||
}
|
|
||||||
serveProfileEffectivePolicy(cfg, w, r)
|
|
||||||
case "/reindex":
|
case "/reindex":
|
||||||
if !zddc.IsAdmin(cfg.Root, PrincipalFromContext(r)) {
|
adminOnly(func(w http.ResponseWriter, r *http.Request) {
|
||||||
http.NotFound(w, r)
|
serveProfileReindex(cfg, idx, email, w, r)
|
||||||
return
|
})(w, r)
|
||||||
}
|
|
||||||
serveProfileReindex(cfg, idx, email, w, r)
|
|
||||||
default:
|
default:
|
||||||
http.NotFound(w, r)
|
http.NotFound(w, r)
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue