Fix missing gRPC interceptor registrations for RevokeCert, DeleteCert, SignCSR
RevokeCert and DeleteCert were not registered in sealRequired, authRequired, or adminRequired method sets, so the auth interceptor never ran for those calls and CallerInfo arrived as nil, producing "authentication required". SignCSR had the same gap in sealRequired and authRequired. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -1 +1 @@
|
|||||||
[{"lang":"en","usageCount":37}]
|
[{"lang":"en","usageCount":39}]
|
||||||
@@ -126,6 +126,9 @@ func sealRequiredMethods() map[string]bool {
|
|||||||
"/metacrypt.v2.CAService/GetCert": true,
|
"/metacrypt.v2.CAService/GetCert": true,
|
||||||
"/metacrypt.v2.CAService/ListCerts": true,
|
"/metacrypt.v2.CAService/ListCerts": true,
|
||||||
"/metacrypt.v2.CAService/RenewCert": true,
|
"/metacrypt.v2.CAService/RenewCert": true,
|
||||||
|
"/metacrypt.v2.CAService/SignCSR": true,
|
||||||
|
"/metacrypt.v2.CAService/RevokeCert": true,
|
||||||
|
"/metacrypt.v2.CAService/DeleteCert": true,
|
||||||
"/metacrypt.v2.PolicyService/CreatePolicy": true,
|
"/metacrypt.v2.PolicyService/CreatePolicy": true,
|
||||||
"/metacrypt.v2.PolicyService/ListPolicies": true,
|
"/metacrypt.v2.PolicyService/ListPolicies": true,
|
||||||
"/metacrypt.v2.PolicyService/GetPolicy": true,
|
"/metacrypt.v2.PolicyService/GetPolicy": true,
|
||||||
@@ -153,6 +156,9 @@ func authRequiredMethods() map[string]bool {
|
|||||||
"/metacrypt.v2.CAService/GetCert": true,
|
"/metacrypt.v2.CAService/GetCert": true,
|
||||||
"/metacrypt.v2.CAService/ListCerts": true,
|
"/metacrypt.v2.CAService/ListCerts": true,
|
||||||
"/metacrypt.v2.CAService/RenewCert": true,
|
"/metacrypt.v2.CAService/RenewCert": true,
|
||||||
|
"/metacrypt.v2.CAService/SignCSR": true,
|
||||||
|
"/metacrypt.v2.CAService/RevokeCert": true,
|
||||||
|
"/metacrypt.v2.CAService/DeleteCert": true,
|
||||||
"/metacrypt.v2.PolicyService/CreatePolicy": true,
|
"/metacrypt.v2.PolicyService/CreatePolicy": true,
|
||||||
"/metacrypt.v2.PolicyService/ListPolicies": true,
|
"/metacrypt.v2.PolicyService/ListPolicies": true,
|
||||||
"/metacrypt.v2.PolicyService/GetPolicy": true,
|
"/metacrypt.v2.PolicyService/GetPolicy": true,
|
||||||
@@ -173,6 +179,8 @@ func adminRequiredMethods() map[string]bool {
|
|||||||
"/metacrypt.v2.CAService/ImportRoot": true,
|
"/metacrypt.v2.CAService/ImportRoot": true,
|
||||||
"/metacrypt.v2.CAService/CreateIssuer": true,
|
"/metacrypt.v2.CAService/CreateIssuer": true,
|
||||||
"/metacrypt.v2.CAService/DeleteIssuer": true,
|
"/metacrypt.v2.CAService/DeleteIssuer": true,
|
||||||
|
"/metacrypt.v2.CAService/RevokeCert": true,
|
||||||
|
"/metacrypt.v2.CAService/DeleteCert": true,
|
||||||
"/metacrypt.v2.PolicyService/CreatePolicy": true,
|
"/metacrypt.v2.PolicyService/CreatePolicy": true,
|
||||||
"/metacrypt.v2.PolicyService/DeletePolicy": true,
|
"/metacrypt.v2.PolicyService/DeletePolicy": true,
|
||||||
"/metacrypt.v2.ACMEService/SetConfig": true,
|
"/metacrypt.v2.ACMEService/SetConfig": true,
|
||||||
|
|||||||
@@ -479,6 +479,12 @@ func (ws *WebServer) handleIssuerDetail(w http.ResponseWriter, r *http.Request)
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (ws *WebServer) handleIssueCert(w http.ResponseWriter, r *http.Request) {
|
func (ws *WebServer) handleIssueCert(w http.ResponseWriter, r *http.Request) {
|
||||||
|
// Disable the server-wide write deadline for this handler: it streams a
|
||||||
|
// tgz response only after several serial gRPC calls, which can easily
|
||||||
|
// consume the 30 s WriteTimeout before we start writing. We set our own
|
||||||
|
// 60 s deadline just before the write phase below.
|
||||||
|
_ = http.NewResponseController(w).SetWriteDeadline(time.Time{})
|
||||||
|
|
||||||
info := tokenInfoFromContext(r.Context())
|
info := tokenInfoFromContext(r.Context())
|
||||||
token := extractCookie(r)
|
token := extractCookie(r)
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user