feat: should return error when no permission configured

goto · Mar 7, 2024 · 6a48bdf · 6a48bdf
1 parent d623998
commit 6a48bdf
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/internal/proxy/middleware/authz/authz.go b/internal/proxy/middleware/authz/authz.go
@@ -115,6 +115,12 @@ func (c *Authz) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
 		return
 	}
 
+	if valid, err := config.validate(); !valid {
+		c.log.Error("middleware", c.Info().Name, "err", err)
+		c.notAllowed(rw, nil)
+		return
+	}
+
 	permissionAttributes := map[string]interface{}{}
 
 	permissionAttributes["namespace"] = rule.Backend.Namespace
@@ -297,6 +303,14 @@ func (w Authz) notAllowed(rw http.ResponseWriter, err error) {
 	rw.WriteHeader(http.StatusUnauthorized)
 }
 
+func (cg Config) validate() (bool, error) {
+	if len(cg.Permissions) == 0 {
+		return false, errors.New("no permissions configured")
+	}
+
+	return true, nil
+}
+
 func enrichExpression(exp expression.Expression, attributes map[string]interface{}) expression.Expression {
 	if val, ok := attributes[exp.Attribute.(string)]; ok {
 		exp.Attribute = val